Serpent’s Walk: Forecasts a Nazi takeover of U.S. in mid-twenty-first century, after WMD terror, blamed on Russia, devastates U.S.

Introduction: This program affords a vista on several critical political and national security landscapes, including the use of nuclear power plants as an economic weapon and their sabotage via physical interdiction or cyber-interference.

After examining a supposed “Russian-meddling” incident which was actually an anti-Russian incident to use Ukrainian nuclear power plants to supersede the old Soviet power grid in former republics of the U.S.S.R., we note the continued dominance of the Ukrainian political landscape by virulent fascists evolved from the World War II era OUN/B.

We conclude with a terrifying look at the possibility that the sabotaging/hacking of nuclear power plants could lead to a Third World War.

With the media and political establishments turning handsprings over “Russia-gate,” we examine in detail one of the incidents prominent in the presentation of the supposition that “our democracy” was manipulated by the Russians.

In late January, Trump point man for “matters Russian”–CIA/FBI operative Felix Sater, a long-time associate of his and Trump’s lawyer Michael Cohen and a Ukrainian parliamentarian named Andrii Artemenko were proposing a cease-fire/peace plan for Ukraine. This has been spun by our media as constituting yet another of the “Russia controls Trump” manifestations.

The facts, however, reveal that this was not a “pro-Russian” gambit but an ANTI-Russian gambit! In addition to the CIA/FBI affiliation of Sater, it should be noted that Artemenko was part of the Pravy Sektor milieu in Ukraine, one of the most virulent of the OUN/B successor organizations in power in that benighted nation.

Sater, Artemenko and others were working on a plan to rehabilitate Ukrainian nuclear power plants in order to generate electricity for Ukraine and the Baltic states, freeing those former Soviet republics from their old Soviet electrical power grids. The aging Soviet grids are a remaining element for potential Russian influence in these areas.

Andrii Artemenko:

” . . . is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .”

” . . . . has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector. . . .”

” . . . according to his previous e-declaration in 2015, Artemenko has a wife, model Oksana Kuchma and four children, including two with U.S. citizenship — Edward Daniel, Amber Katherine. . . .”

” . . . . founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips. . . .”

” . . . . is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus. . . .”

” . . . . joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014. There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014. Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party. . . .”

Anything but a “pro-Russian” agent. Again, he was working with Trump point man for matters Russian Felix Sater on this deal to provide nuclear-generated electricity to some former Soviet republics. Again, an anti-Russian plot, NOT a pro-Russian plot!

In past posts and programs, we have discussed Volodomir Vyatrovich, head of the Orwellian Institute of National Remembrance. He defended Shukhevych and the public displaying of the symbol of the Galician Division (14th Waffen SS Division.)

Returning to Sater collaborator Andrii Artemenko, we note that he is part of a push by Pravy Sektor and other OUN/B successor organizations in Ukraine to oust Poroshenko.

A major, terrifying part of the program focuses on nuclear power plants, the physical and/or cyber sabotaging of those plants and the possibility that this could lead to a Third World War. Against the background of the drumbeat of anti-Russian propaganda to which we are being subjected, the charge that “Russian hackers” attempted to gain access to U.S. nuclear power plants using a spear-phishing attack is to be viewed with alarm.

“. . . . The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia. . . . Analysts remain quick to tamp down assertions that Russia’s fingerprint on the latest attack is a sure thing. . . . Still, it’s a pretty alarming situation regardless of who was behind it, in part because it’s an example of how potentially vulnerable things like nuclear plants are to any hacker, state-backed or not: . . . . Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control. . . .”

The above-excerpted story should be viewed against the background of a frightening development in Florida. Devon Arthurs – a neo-Nazi-turned-Muslim–murdered two of his neo-Nazi roommates back in May. National Guard soldier Brandon Russell – Arthurs’s surviving third roommate, was found with bomb-making materials, radioactive substances and a framed picture of Timothy McVeigh after police searched their residence.

Russell:

Planned to sabotage a nuclear power plant. ” . . . . He said Russell studied how to build nuclear weapons in school and is ‘somebody that literally has knowledge of how to build a nuclear bomb.’ . . . He also said they had a plan to fire mortars loaded with nuclear material into the cooling units of a nuclear power plant near Miami. He said the damage would cause ‘a massive reactor failure’ and spread ‘irradiated water’ throughout the ocean. . . .”

Belonged to a Nazi group called “Atomwaffen.” ” . . . The FBI said Russell “admitted to his neo-Nazi beliefs” and said he was a member of a group called Atomwaffen, which is German for ‘atomic weapon.’ . . .”

Was in the National Guard. Recall that, in the Nazi tract Serpent’s Walk, the Underground Reich gains control of the opinion-forming media, infiltrates the U.S. military and takes over the country after it is devastated by a series of terrorist incidents involving Russian WMDs. The stage is set for a Nazi false flag operation that could be blamed on Russia.

Russell, and the rest of Atomwaffen, received a ringing endorsement from brilliant Nazi hacker Andrew Auernheimer. Auernheimer is a skilled hacker who may very well have the ability to trigger a nuclear melt down someday. Writing of the murder of Russell’s roommates, Auernheimer said the two killed roommates were “friends of friends” and the “Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party.”

The point, here, is that Auernheimer is part of the Nazi milieu that was looking to sabotage a nuclear power plant. With our media hyping “Russian hacking,” including the supposed attempt to hack U.S. nuclear power plants, the propaganda stage is set for someone with Auernheimer’s formidable computer skills to sabotage a nuke plant, thereby [very possibly] starting World War III.

This post concludes with a detailed article referred to briefly at the end of the broadcast. It delves into the technically complicated discussion about the high-profile hacks.

Against the background of the reports of Russian hacking of U.S. nuclear power plants, the “Atomwaffen” link to Ukraine-based Andrew Auernheimer, writer Jeffrey Carr’s reflections are to be weighed very seriously:

” . . . . Here’s my nightmare. Every time a claim of attribution is made—right or wrong—it becomes part of a permanent record; an un-verifiable provenance that is built upon by the next security researcher or startup who wants to grab a headline, and by the one after him, and the one after her. The most sensational of those claims are almost assured of international media attention, and if they align with U.S. policy interests, they rapidly move from unverified theory to fact.

Because each headline is informed by a report, and because indicators of compromise and other technical details are shared between vendors worldwide, any State or non-State actor in the world will soon have the ability to imitate an APT group with State attribution, launch an attack against another State, and generate sufficient harmful effects to trigger an international incident. All because some commercial cybersecurity companies are compelled to chase headlines with sensational claims of attribution that cannot be verified. . . .”

Program Highlights Include: The CIA/State Department background of Kurt Volker (nice Anglo-Saxon name, that), Trump’s envoy to Ukraine and an advocate of selling weaponry to that benighted state; Andrii Artemenko and Felix Sater’s would-be associate in the Ukrainian nuclear power plant scheme, Robert Armao; Armao’s links to Nelson Rockefeller, Marc Rich and Francesco Pazienza (a figure in the investigations into P-2, the shooting of Pope John Paul I and the collapse of the Banco Ambrosiano); Review of James Comey’s role in investigating Bill Clinton’s pardon of Marc Rich; review of the revival of the FBI’s Twitter account and its dissemination of Marc Rich material on the eve of the election; review of Felix Sater’s CIA/FBI background; Auernheimer’s obsession with Timothy McVeigh; Brandon Russell’s fascination with Timothy McVeigh.

1a. By way of review, we remind listeners that the point man for the Trump business interests in their dealings with Russia is Felix Sater. A Russian-born immigrant, Sater is a professional criminal and a convicted felon with historical links to the Mafia. Beyond that, and more importantly, Sater is an FBI informant and a CIA contract agent. ” . . . . He [Sater] also provided other purported national security services for a reported fee of $300,000. Stories abound as to what else Sater may or may not have done in the arena of national security. . . .” We wonder if helping the “Russia-Gate” op may have been one of those.

The Making of Donald Trump by David Cay Johnston; Melville House [HC]; copyright 2016 by David Cay Johnston; ISBN 978-1-61219-632-9; p. 165.

. . . . There is every indication that the extraordinarily lenient treatment resulted from Sater playing a get-out-of-jail free card. Shortly before his secret guilty plea, Sater became a freelance operative of the Central Intelligence Agency. One of his fellow stock swindlers, Salvatore Lauria, wrote a book about it. “The Scorpion and the Frog” is described on its cover as ‘the true story of one man’s fraudulent rise and fall in the Wall Street of the nineties.’ According to Lauria–and the court files that have been unsealed–Sater helped the CIA buy small missiles before they got to terrorists. He also provided other purported national security services for a reported fee of $300,000. Stories abound as to what else Sater may or may not have done in the arena of national security. . . .

Sater was active on behalf of the Trumps in the fall of 2015: “. . . . Sater worked on a plan for a Trump Tower in Moscow as recently as the fall of 2015, but he said that had come to a halt because of Trump’s presidential campaign. . . .”

Indicative of the significance of Sater to the U.S. intelligence and national security establishment is a statement by Attorney General nominee Loretta Lynch during her confirmation hearing: “. . . . In late March, then-FBI director James Comey was asked about Sater’s relationship with the FBI when he appeared before the House Intelligence Committee. Comey declined to comment, presumably because Sater spent a decade as a secret government cooperator for both the FBI and at times, the CIA. But in 2015, during her confirmation hearing for the post of U.S. Attorney General, Loretta Lynch offered a teaser. In response to a written question about Sater by Senator Orrin Hatch, she stated that his [decade-long] assistance as a federal cooperator was ‘crucial to national security.’ [We wonder if this might have had anything to do with Lynch’s now infamous meeting with Bill Clinton at an airport–D.E.] . . . .”

Sater was initiating contact between the Russians and “Team Trump” in January of this year, a gambit that will be analyzed at length and detail in this program. As we shall see, the political valence of this event is at fundamental variance with the “Russia-Gate” psy-op: “ . . . . Nevertheless, in late January, Sater and a Ukrainian lawmaker reportedly met with Trump’s personal lawyer, Michael Cohen, at a New York hotel. According to the Times, they discussed a plan that involved the U.S. lifting sanctions against Russia, and Cohen said he hand-delivered the plan in a sealed envelope to then-national security advisor Michael Flynn. . . .”

. . . . Sater told TPM he called the now-notorious meeting with Cohen and Ukrainian politician Andrii Artemenko in February to discuss the future of Ukraine. . . .

2a. Far from being a Russian “agent of influence,” Artemenko is a long standing member of Pravy Sektor and the Radical Party. As we will see below, he may have been a primary financial backer of this OUN/B successor organization. In addition to the anti-Russian conspiracy to which Sater, Cohen and Artemenko were party, the latter appears to have been part of a Ukrainian fascist consortium that, as we shall see below, is moving in the direction of ousting Petro Poroshenko. “. . . . Tall and brawny, Artemenko is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .”

On Feb. 19, the right-wing Ukrainian member of parliament was sucked into the scandal surrounding President Donald Trump and his alleged ties to Russia when the New York Times reported that Artemenko had served as a back channel between Moscow and Trump associates.

In the aftermath of the report, Artemenko was forced out of his political faction in Ukraine, the far-right Radical Party . . . .

. . . . Tall and brawny, Artemenko is a populist politician with ties to the far-right Ukrainian military-political group “Right Sector” and a member of the pro-Western opposition parliamentary coalition led by former Prime Minister Yulia Tymoshenko’s party. . . .

. . . . Artemenko, who is a staunch ally of Valentyn Nalyvaichenko, a former head of Ukraine’s security service with lofty political ambitions, has aligned himself with other West-leaning populists like Tymoshenko. . . .

. . . . Artemenko insists that his intentions in pushing a peace plan for Ukraine are in the country’s best interests. But political observers see his freelance diplomacy as part of a rising groundswell in Kiev against Poroshenko by opposition forces ahead of parliamentary and presidential elections scheduled for 2019.

“Alliances are shifting in Ukraine right now against Poroshenko,” said Balazs Jarabik, a nonresident scholar at the Carnegie Endowment for International Peace. “All this diplomatic maneuvering in Washington needs to be viewed through this lens.”

Artemenko has emerged as a vocal critic of Poroshenko and says he has evidence showing corruption by the Ukrainian president. . . .

Now ex-Radical Party member of parliament Andrey Artemenko came under criticism from all sides after the New York Times revealed on Feb. 19 that he was trying to broker his own peace plan to end Russia’s war against Ukraine.

The plan was distinctly pro-Russian, but even the Russians rejected it and his freelance, amateurish diplomacy got him kicked out of his own party, although he remains a member of parliament.

His ideas included leasing Crimea to Russia for 50 years and the lifting of economic sanctions against Russia by U.S. President Donald J. Trump.

Dmitry Peskov, Vladimir Putin’s press secretary, denied prior knowledge of the sealed plan, which includes a suggestion that Ukraine lease Crimea to Russia, which annexed the region in 2014, the Telegraph in London quoted him as saying. “There’s nothing to talk about. How can Russia rent its own region from itself?” Peskov said.

Artemenko described himself to the New York Times as a Trump-style politician.

The 48-year-old lawmaker’s biography is colorful and controversial: He has a wife who is a model, he served 2.5 years in prison without a trial, he has business in U.S and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector.

“I demand Andrey Artemenko discard as a lawmaker. He has no rights to represent our faction and party. Our position is unchangeable – Russia is the aggressor and must get away from Ukrainian territories,” Oleh Lyashko, Radical Party leader said to the journalist in Verkhovna Rada on Feb. 20.

“Nobody in Radical Party trades Ukraine,” Lyashko said. “To lease Crimea to Russia is the same as to give your own mother for rent to the traveling circus.”

Artemenko told the New York Times that many people would criticize him as a Russian or American C.I.A. agent for his plan, but peace is what he’s after.

“But how can you find a good solution between our countries if we do not talk?” Artemenko said.

Before the New York Times story, Artemenko wasn’t famous. He may see himself as the next president of Ukraine, but others saw him as just another gray cardinal.

Family, business in U.S.

Artemenko hasn’t filed electronic declaration for 2016.

However, according to his previous e-declaration in 2015, Artemenko has a wife, model Oksana Kuchma and four children, including two with U.S. citizenship — Edward Daniel, Amber Katherine. The children from the first marriage, Vitaly and Kristina Artemenko (Kraskovski), have Ukrainian citizenship but live in Ontario, Canada with their mother’s husband. In 2014 Artemenko’s elder daughter Kristina gave birth to Artemenko’s grandson.

Artemenko owns land plots of 14,000 square meters and 5,000 square meters in Vyshenki village of Kyiv Oblast.

And his wife Oksana Kuchma is not only a model but a businesswoman. [Kind of According to Artemenko’s e-declaration, Kuchma has a land plot of 3,000 square meters and a house in Gnidyn village of Kyiv Oblast, an 850 square meter apartment in Lviv Oblast’s Zhovkva and also a 127-square meter apartment in Kyiv under construction.

Kuchma owns a company OKSY GLOBAL LLC, registered in the U.S. and also the private avian-transportation company, the Aviation Company Special Avia Alliance registered in Kyiv at the same address as the company Global Business Group GMBh, Artemenko used to work as a deputy director before he came to Rada after the parliament elections in 2014.

According to the Ministry of Justice registry, the Global Business Group GMBh provides the variety of services: vehicles trade, various goods trade, restaurants business and business consulting.

The shareholder of the Global Business Group GMBh is also a U.S. based company Global Assets Inc., registered in Miami, Florida.

…

Start from Kyiv

Artemenko came into politics after business and jail. According to the biography on his official website, in the early 1990s he founded a law firm that advocated the interests of professional athletes and then he became a president of CSK Kyiv soccer club. In 1998-2000, he was the adviser of then Kyiv Mayor Oleksandr Omelchenko, a member and one of the founders of his party Unity.

In 2002, Artemenko was arrested by the Prosecutor’s General Office of Ukraine on accusations of money laundering and kept in pre-trial detention for more than two years. However, he successfully challenged his imprisonment as illegal and groundless. He said prosecutors were persecuting him in hopes of getting Omelchenko, who was also suspected of money laundering.

In 2004, Artemenko was released from pre-trial detention center Lukyanivske on bail of Mikhail Dobkin, a Party of Regions lawmaker.

But in 2006 he became the head of the Kyiv department of Batkivshchyna Party, led by now ex-Prime Minister Yulia Tymoshenko.

In 2007-2013 Artemenko founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips.

Since 2013 he has his own charity foundation that helps internally displaced persons from the war-torn Donbas.

True patriot?

Artemenko came to the Verkhovna Rada in 2014 as a Radical Party lawmaker (16th on the party’s list). According to the parliament’s website, Artemenko is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus.

The lawmaker took an active part in EuroMaidan Revolution in 2013-2014 that deposed President Viktor Yanukovych.

In 2014 he joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014.

There is even a photo of Artemenko, seating among the Right Sector Party founders at the first party meeting in March 2014.
Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party.

“I was never into all the ‘financial stuff,’ but I have no information about him giving the money. I remember all those guys like him (Artemenko) and (Borislav) Bereza just came to us after March 22. They weren’t Right Sector members during the Revolution of Dignity,” said Skoropadsky.

He said that after the end of EuroMaidan Revolution there was a “mess” in Right Sector. Dozens of people a day were coming to the activists only in Kyiv.

“The ones who could afford it gave us money, others help in different ways. But as soon as we started building the structure of the organization, the guys like Artemenko and Bereza went to the other parties, came in Rada or other government structures,” Skoropadsky recalled.

———-

3. Before updating the resuscitation and Orwellian rehabilitation of the OUN/B World War II-era fascists in Ukraine, we note Trump’s appointment as special envoy to Ukraine–Kurt Volker, whose CV includes stints with CIA and Department of State.

. . . . “Although he may be seen as hawkish by the Russian side, he will certainly be taken seriously,” says Matthew Rojansky, director of the Kennan Institute at the Woodrow Wilson Center, of the new special representative for Ukraine negotiations, whose vaunted resume also includes stints at the National Security Council, CIA and Foreign Service. “Volker’s appointment will be welcomed by our European allies and by the Ukrainian government.” . . .

In past posts and programs, we have discussed Volodomir Vyatrovich, head of the Orwellian Institute of National Remembrance. He defended Shukhevych and the public displaying of the symbol of the Galician Division (14th Waffen SS Division.)

The Ukrainian city of Lviv will hold a festival celebrating a Nazi collaborator on the anniversary of a major pogrom against the city’s Jews.

Shukhevychfest, an event named for Roman Shukhevych featuring music and theater shows, will be held Friday.

Eduard Dolinsky, the director of the Ukrainian Jewish Committee, in a statement called the event “disgraceful.”

On June 30, 1941, Ukrainian troops, including militiamen loyal to Shukhevych’s, began a series of pogroms against Jews, which they perpetrated under the auspices of the German army, according to Yale University history professor Timothy Snyder and other scholars. They murdered approximately 6,000 Jews in those pogroms.

The day of the festival is the 110th birthday of Shukhevych, a leader of the OUN-B nationalist group and later of the UPA insurgency militia, which collaborated with the Nazis against the Soviet Union before it turned against the Nazis.

Shukhevychfest is part of a series of gestures honoring nationalists in Ukraine following the 2014 revolution, in which nationalists played a leading role. They brought down the government of President Viktor Yanukovych, whose critics said was a corrupt Russian stooge.

On June 13, a Kiev administrative court partially upheld a motion by parties opposed to the veneration of Shukhevych in the city and suspended the renaming of a street after Shukhevych. The city council approved the renaming earlier this month.

In a related debate, the director of Ukraine’s Institute of National Remembrance, Vladimir Vyatrovich, who recently described Shukhevych as an “eminent personality,” last month defended the displaying in public of the symbol of the Galician SS division. Responsible for countless murders of Jews, Nazi Germany’s most elite unit was comprised of Ukrainian volunteers.

Displaying Nazi symbols is illegal in Ukraine but the Galician SS division’s symbol is “in accordance with the current legislation of Ukraine,” Vyatrovich said. . . .

5a. In other, previous discussions of the return of Ukrainian fascism, we noted that the Svoboda Party’s militia is called Combat 14, named after the “14 words” minted by David Lane, the American neo-Nazi who participated in the killing of Denver talk show host Alan Berg.

One of the women profiled was “Anaconda”, fighting in the Aidar Battalion bankrolled by Igor Kolomoisky:

Anaconda was given her nickname by a unit commander, in a joking reference to her stature and power. The baby-faced 19-year-old says that her mother is very worried about her and phones several times a day, sometimes even during combat. She says it is better to always answer, as her mother will not stop calling until she picks up.

“In the very beginning my mother kept saying that the war is not for girls,” Anaconda says. “But now she has to put up with my choice. My dad would have come to the front himself, but his health does not allow him to move. He is proud of me now.”

Anaconda was photographed in combat dress resolutely holding an assault rifle in front of a rather decrepit van.

The caption read:

“Anaconda says she is being treated well by the men in her battalion, but is hoping that the war will end soon.”

As reported by the gadfly site OffGuardian, several readers posted critical observations on the van’s insignia in the comments section of the piece. One, “bananasandsocks”, wrote: “We learn from Wikipedia that the image on the door is the “semi-official” insignia of the 36th Waffen Grenadier Division of the SS…” and also pointed out the neo-Nazi significance of the number “1488”.

“bananasandsocks” seemingly temperate comment was removed by the Guardian for violating its community standards, as were several others, apparently as examples of “persistent misrepresentation of the Guardian and our journalists”.

But then the Guardian thought better of it. While not reinstating the critical comments, it quietly deleted the original caption to the photo of Anaconda and replaced it with:

Anaconda alongside a van displaying the neo-Nazi symbol 1488. The volunteer brigade is known for its far-right links.

Problem solved? Maybe not. Maybe it’s more like “Problem dodged”. Specifically, the problem of the pervasive participation of “ultra-right” paramilitary elements in Kyiv military operations, which even intrudes upon the Guardian’s efforts to put a liberal-friendly feminist sheen on the debacle of the recent ATO in eastern Ukraine.

The Fourteen Words is a phrase used predominantly by white nationalists. It most commonly refers to a 14-word slogan: “We must secure the existence of our people and a future for White Children.” It can also refer to another 14-word slogan: “Because the beauty of the White Aryan woman must not perish from the earth.”

Both slogans were coined by David Lane, convicted terrorist and member of the white separatist organization The Order. The first slogan was inspired by a statement, 88 words in length, from Volume 1, Chapter 8 of Adolf Hitler’s Mein Kampf:

…

Neo-Nazis often combine the number 14 with 88, as in “14/88” or “1488”. The 8s stand for the eighth letter of the alphabet (H), with “HH” standing for “Heil Hitler”.

Lane died in prison in 2007 while serving a 190 year sentence for, among other things, the murder of Denver radio talk show host Alan Berg. David Lane has considerable stature within global white nationalist/neo-Nazi/fascist circles as one of the American Aryan movement’s premier badasses (in addition to involvement in the Berg murder—in which he denied involvement—and a string of bank robberies to finance the movement—also denied, Lane achieved a certain martyr’s stature for enduring almost two decades in Federal detention, frequently in the notorious Communications Management Units).

And David Lane was a big deal for the “ultra-right” & fascists in Ukraine, according to the Southern Poverty Law Center:

Lane’s death touched off paeans from racists around the country and abroad. June 30 was designated a “Global Day of Remembrance,” with demonstrations held in at least five U.S. cities as well as England, Germany, Russia and the Ukraine.

Judging by this video, the march/memorial on the first anniversary of his death, in 2008, organized by the Ukrainian National Socialist Party in Kyiv, was well enough attended to merit a police presence of several dozen officers.

5b. Former U.S. Agency for International Development (USAID) project officer Josh Cohen (involved in managing “economic reform projects” in the former Soviet Union) notes the growing threat of the far-right and neo-Nazis in Ukraine (it’s a little ironic). His article highlights the threat that the institutionalized OUN/B successor groups pose to what democracy there is in Ukraine and makes the important point about the dangers of these groups operating with impunity following one violent act after another. Cohen notes that the Interior Ministry is run by a guy who sponsors the Azov Battalion and that his deputy minister is a neo-Nazi.

Josh Cohen is a former U.S. Agency for International Development project officer involved in managing economic reform projects in the former Soviet Union.

As Ukraine’s fight against Russian-supported separatists continues, Kiev faces another threat to its long-term sovereignty: powerful right-wing ultranationalist groups. These groups are not shy about using violence to achieve their goals, which are certainly at odds with the tolerant Western-oriented democracy Kiev ostensibly seeks to become.

The recent brutal stabbing of a left-wing anti-war activist named Stas Serhiyenko illustrates the threat posed by these extremists. Serhiyenko and his fellow activists believe the perpetrators belonged to the neo-Nazi group C14 (whose name comes from a 14-word phrase used by white supremacists). The attack took place on the anniversary of Hitler’s birthday, and C14’s leader published a statement that celebrated Serhiyenko’s stabbing immediately afterward.

According to a study from activist organization Institute Respublica, the problem is not only the frequency of far-right violence, but the fact that perpetrators enjoy widespread impunity. It’s not hard to understand why Kiev seems reluctant to confront these violent groups. For one thing, far-right paramilitary groups played an important role early in the war against Russian-supported separatists. Kiev also fears these violent groups could turn on the government itself — something they’ve done before and continue to threaten to do.

To be clear, Russian propaganda about Ukraine being overrun by Nazis or fascists is false. Far-right parties such as Svoboda or Right Sector draw little support from Ukrainians.

Even so, the threat cannot be dismissed out of hand. If authorities don’t end the far right’s impunity, it risks further emboldening them, argues Krasimir Yankov, a researcher with Amnesty International in Kiev. Indeed, the brazen willingness of Vita Zaverukha – a renowned neo-Nazi out on bail and under house arrest after killing two police officers — to post pictures of herself after storming a popular Kiev restaurant with 50 other nationalists demonstrates the far right’s confidence in their immunity from government prosecution.

It’s not too late for the government to take steps to reassert control over the rule of law. First, authorities should enact a “zero-tolerance” policy on far-right violence. President Petro Poroshenko should order key law enforcement agencies — the Interior Ministry, the National Police of Ukraine, the Security Service of Ukraine (SBU) and the Prosecutor Generals’ Office (PGO) — to make stopping far-right activity a top priority.

Most importantly, the government must also break any connections between law enforcement agencies and far-right organizations. The clearest example of this problem lies in the Ministry of Internal Affairs, which is headed by Arsen Avakov. Avakov has a long-standing relationship with the Azov Battalion, a paramilitary group that uses the SS symbol as its insignia and which, with several others, was integrated into the army or National Guard at the beginning of the war in the East. Critics have accused Avakov of using members of the group to threaten an opposition media outlet. As at least one commentator has pointed out, using the National Guard to combat ultranationalist violence is likely to prove difficult if far-right groups have become part of the Guard itself.

Avakov’s Deputy Minister Vadym Troyan was a member of the neo-Nazi Patriot of Ukraine (PU) paramilitary organization, while current Ministry of Interior official Ilya Kiva – a former member of the far-right Right Sector party whose Instagram feed is populated with images of former Italian fascist leader Benito Mussolini – has called for gays “to be put to death.” And Avakov himself used the PU to promote his business and political interests while serving as a governor in eastern Ukraine, and as interior minister formed and armed the extremist Azov battalion led by Andriy Biletsky, a man nicknamed the “White Chief” who called for a crusade against “Semite-led sub-humanity.”

Such officials have no place in a government based on the rule of law; they should go. More broadly, the government should also make sure that every police officer receives human rights training focused on improving the policing and prosecution of hate crimes. Those demonstrating signs of extremist ties or sympathies should be excluded.

In one notorious incident, media captured images of swastika-tattooed thugs — who police claimed were only job applicants wanting to have “fun” — giving the Nazi salute in a police building in Kiev. This cannot be allowed to go on, and it’s just as important for Ukrainian democracy to cleanse extremists from law enforcement as it is to remove corrupt officials from former president Viktor Yanukovych’s regime under Ukraine’s “lustration” policy. . . .

6. Sater collaborator Artemenko appears to have been part of the anti-Poroshenko phalanx in the Ukrainian fascist milieu.

. . . . Artemenko insists that his intentions in pushing a peace plan for Ukraine are in the country’s best interests. But political observers see his freelance diplomacy as part of a rising groundswell in Kiev against Poroshenko by opposition forces ahead of parliamentary and presidential elections scheduled for 2019. “Alliances are shifting in Ukraine right now against Poroshenko,” said Balazs Jarabik, a nonresident scholar at the Carnegie Endowment for International Peace. “All this diplomatic maneuvering in Washington needs to be viewed through this lens.”

Artemenko has emerged as a vocal critic of Poroshenko and says he has evidence showing corruption by the Ukrainian president. . . .

When a former business partner of President Donald Trump’s and a Ukrainian politician approached an ally of the administration with a “peace plan,” they were already at work on an energy trading deal. That deal, said one of the region’s leading energy policy experts, stood to benefit from the scheme the pair proposed to resolve the ongoing conflict in Ukraine.

Felix Sater, who worked obtaining financing for Trump projects including the Trump SoHo, told TPM that the “peace plan” came up in the course of his attempts to broker an agreement to sell energy abroad from Ukraine’s nuclear power plants with Andrii Artemenko, at the time a Ukrainian parliamentarian. The plan was to refurbish dilapidated nuclear power plants in that country and then sell the power generated by them into Eastern Europe, using established commodities trading companies as a means of retroactively financing the deal, Sater said.

The business proposition would help break the Russian monopoly on energy, according to Sater. But Artemenko’s political proposal would have had Ukrainian voters decide whether to lease Crimea to Russia for 50 or 100 years—an idea encouraged by advisors to Russian president Vladimir Putin, and so offensive to his country’s government that Ukrainian prosecutors accused Artemenko of treasonous conspiring with Russia after the peace plan was first reported earlier this year.

It’s been widely reported that Sater and Artemenko met with Michael Cohen, who was then Trump’s personal lawyer and who has known Sater since he was a teenager, in January; under discussion was the peace plan, which would have paved a path for the U.S. to lift sanctions on Russia. Cohen has given conflicting statements about his involvement. Sater said he came to be involved in the scheme through Artemenko.

“We were trying to do a business deal at the same time,” Sater told TPM. “We were working on a business deal for about five months, and he kept telling me about the peace deal, and as the Trump administration won, that’s when I delivered it [the peace deal] to them.”

He insisted the political and business propositions were unrelated, other than each involving himself and Artemenko as primary players.

Sater had worked brokering major deals internationally for some time after the 1996 dissolution of White Rock, a firm at the center of a pump-and-dump securities fraud scandal that led to Sater’s conviction for fraud. Instead of going to prison, Sater paid a fine and went to work as an FBI informant. Those deals included a job for AT&T in Russia, as previously reported by Mother Jones, where Sater says the company was “trying to expand.”

Sater said the business proposition with Artemenko “was to try to rehabilitate the existing nuclear power plants in the Ukraine and build new ones using either U.S. or Canadian [companies] like GE, or the Koreans.” Ukraine’s history with nuclear power includes the Chernobyl disaster, and Sater noted that the aging plants needed refurbishment in order to continue working without another incident. Otherwise, he noted, “they’re ready to [have] another Chernobyl any day now.”

The pair further planned “to sell the excess power to [international energy companies] Trafigura or Vitol to sell the power to Eastern Europe, and in that way finance the plants,” Sater explained. He named Poland and Belarus as two potential state clients.

“It was a way to break the energy monopoly the Russians have,” he said.

Chi Kong Chyong, director of the Energy Policy Forum at Cambridge University’s Energy Policy Research Group, told TPM that energy independence from Russia was indeed a pressing issue in Ukraine, and noted a peace deal would ease the kind of international transaction Sater and Artemenko were proposing.

Sources close to the matter told TPM that there were no records of any current conversations between Sater or Artemenko and American industrial conglomerate GE. Trafigura and Vitol are trading houses that deal heavily in energy; Victoria Dix, a spokeswoman for Trafigura, said there was “no element of truth whatsoever” to any suggestion that Sater was pursuing a proposal with the company. Andrea Schlaepfer, a spokeswoman for Vitol, said, “We don’t comment on commercial activities.” Neither the Ukrainian Embassy nor the Consulate immediately responded to requests for comment.

…

For Artemenko, the fallout from the January meeting with Sater and Cohen was immediate and severe. He was expelled from his Verkhovna Rada political party the day after the New York Times reported the meeting, and by May, Ukrainian President Petro Poroshenko had stripped him of his citizenship.

For his part, Sater said he had nothing to do with the documents filled with damaging information on Ukrainian politicians, including Poroshenko, that Artemenko reportedly brought to the January meeting. “I never saw them,” Sater said, adding that Cohen might have thrown them in trash but he wasn’t sure. “I don’t want to get into it.”

Whether Sater and Artemenko’s energy trading plan was well underway or simply in the proposal stage by the time of the meeting, it would have been an easier sell with Artemenko’s Putin-approved ceasefire in place, according to Chyong.

“Any military conflict in your neighborhood or close to you affects the transaction cost of arranging commercial deals, whether that is between Ukraine and the eastern [EU, where Poland lies] or Ukraine and Belarus, for example,” Chyong said. “It increases the transactional costs. The conflict itself, of course, forces the Ukraine to think about other ways and other sources of importation of energy—gas and electricity trading.”

Exporting energy from Ukraine would be easiest to places like Belarus and Russia, Chyong noted. Old electrical grids are among the strongest remaining ties between former Soviet bloc states and Russia itself; Ukraine hopes to break them by 2025, something Sater said he hoped he could help along. . .

7b. Of more than passing interest is the CV of Robert Armao, one of the intended collaborators in the Sater/Artemenko anti-Russian plot to replace the old Soviet power grid in Eastern Europe. Robert Armao:

“ . . . . served as labor counsel to the late Vice President Nelson Rockefeller in the early 1970s. . . .”

“ . . . . once advised individuals who were working with former Ukrainian president Viktor Yushchenko during the Orange Revolution protests of 2004-2005. . . .”

. . . . Evidently Sater and Artemenko were seeking the assistance of a third person who attended the breakfast, Robert Armao — a well-connected international businessman who served as labor counsel to the late Vice President Nelson Rockefeller in the early 1970s. Armao says that Sater, whom he’d never met or spoken with prior to last fall, reached out to him through a mutual friend. . . .

. . . . Armao was invited to the New York meeting because he’s a longtime expert on Ukraine. He says he once advised individuals who were working with former Ukrainian president Viktor Yushchenko during the Orange Revolution protests of 2004-2005. During the October 7 breakfast, Armao says he was asked whether he could intercede with Ukraine’s current energy minister in an attempt to revive a contract that Kiev had signed with South Korea to bring the nuclear plants up to global standards. . . .

. . . . In late March, then-FBI director James Comey was asked about Sater’s relationship with the FBI when he appeared before the House Intelligence Committee. Comey declined to comment, presumably because Sater spent a decade as a secret government cooperator for both the FBI and at times, the CIA. But in 2015, during her confirmation hearing for the post of U.S. Attorney General, Loretta Lynch offered a teaser. In response to a written question about Sater by Senator Orrin Hatch, she stated that his [decade-long] assistance as a federal cooperator was “crucial to national security.” . . . .

Bill Clinton’s last-minute pardon of Rich was investigated by former FBI chief James Comey and a long-silent Bureau Twitter account became active shortly before the election, tweeting about Marc Rich. (We discussed this in FTR #939.)

. . . .The prisoner, Dr. Francesco Pazienza, a 39-year-old nonpracticing physician, has long been a subject of keen interest in Italy, where his name has also cropped up in investigations of the shooting of Pope John Paul II and of the purported plottings of a rightist underground. . . .

. . . As recently as last year, Dr. Pazienza said, he sought to be helpful to the Americans by trying to negotiate a renewal of the lease for a United States intelligence tracking station in the Seychelles. He said he and two partners were then exploring an oil venture with the Indian Ocean island nation off the east coast of Africa.

He identified the partners as Robert Armao and Marc Rich. Mr. Rich is a commodities broker now under criminal investigation in the United States in connection with tax evasion charges, for which he has already paid a $200 million civil settlement.

Mr. Armao, head of a New York public relations company and a former adviser to the Shah of Iran, largely confirmed Mr. Pazienza’s account. But he said that while a Marc Rich subsidiary had been involved in their discussions, the oil venture never came about. . . .

. . . . Still, it’s a pretty alarming situation regardless of who was behind it, in part because it’s an example of how potentially vulnerable things like nuclear plants are to any hacker, state-backed or not:

“. . . . Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control. . . .”

A sophisticated group of hackers has targeted U.S. nuclear plants in a wide-ranging hacking campaign since at least May, according to multiple U.S. authorities.

The hackers tried to steal usernames and passwords in the hope of burrowing deep into nuclear power networks, in addition to other utility and manufacturing targets.

But the Department of Homeland Security, the FBI, sources familiar with the ongoing investigation and nonpublic government alerts told E&E News that heavily guarded nuclear safety systems were left unscathed by any recent cyber intrusions. Experts say the evidence so far points to a remote threat that, while advanced, likely could not have leaped from corporate business networks to the critical but isolated computer networks keeping nuclear reactors operating safely.

Still, the question that lingers is, who did it?

Suspicion has fallen on hackers with ties to Russia, in part because of past intrusions into U.S. companies and for Russia-linked attacks on Ukraine’s power grid in 2015 and 2016.

Ukrainian security services laid the blame for the grid hacks at Russian President Vladimir Putin’s feet. Several private U.S. cybersecurity companies have also drawn links between energy industry-focused hacking campaigns with names like “Energetic Bear” back to Russian intelligence services.

The Washington Post reported Saturday that U.S. government officials have already pinned the recent nuclear cyber intrusions on Russia.

Analysts remain quick to tamp down assertions that Russia’s fingerprint on the latest attack is a sure thing.

Without mentioning any nation-state by name, former Energy Secretary Ernest Moniz noted on Twitter that “these ‘advanced persistent threats’ have long worried U.S. intelligence officials — and recent events prove they are very real.”

Referencing reports of the recent nuclear cyber incidents, he added, “These breaches make plain that foreign actors are looking for ways to exploit US grid vulnerabilities. We saw this coming.”

If U.S. intelligence agencies confirm Russian security services were involved in the attack on nuclear plants, tensions with Moscow could escalate. In a Twitter comment that attracted bipartisan ridicule, President Trump yesterday morning said that he and Putin had agreed to create an “impenetrable Cyber Security unit” to guard against hacking, only to apparently reverse his position hours later and suggest such an arrangement “can’t” happen.

…

Sen. Maria Cantwell (D-Wash.), ranking member of the Senate Energy and Natural Resources Committee, reiterated her calls for the White House to assess energy-sector cyber vulnerabilities and abandon proposed budget cuts at the Department of Energy. “The disturbing reports of the past 24 hours indicate that our adversaries are trying to take advantage of the very real vulnerabilities of our energy infrastructure’s cyber defenses,” she said Friday.

Drawing from the Ukraine playbook

In 2015, a group of hackers set sights on several Ukrainian electric distribution companies. The intruders broke into the utilities’ business networks with “phishing” emails designed to lure employees into clicking on a document laced with malware.

From there, the attackers mapped out their victims’ computer systems, even gaining access to the virtual private network utility workers used to remotely operate parts of Ukraine’s electric grid.

On Dec. 23, 2015, after months of waiting and spying, the hackers struck, logging onto the operational network and flipping circuit breakers at electric substations. They succeeded in cutting power to several hundred thousand Ukrainian citizens for a few hours in what became the first known cyberattack on a power grid in the world.

At first glance, the latest nuclear hackers appear to have drawn from the same playbook.

They used a “fairly creative” phishing email to gain a foothold on targeted networks, according to Craig Williams, senior technical leader and global outreach manager for Cisco Talos, a cybersecurity research division of Cisco Systems Inc.

Instead of stowing malware in the Word document itself, the hackers tweaked a control engineer’s résumé into beaconing out to a malicious server via a Microsoft communications protocol called Server Message Block. The cyber intruders could then swipe fragments of SMB traffic containing the victims’ login information to set up an authorized connection to the targeted network and move on from there, Williams explained.

The technique points to “attackers who are dedicated and who’ve done their research,” he noted.

While Williams said Cisco had detected a variety of energy companies hit by the phishing emails, he pointed out that “the nuclear sector is extremely hardened.”

Getting blocked

Nuclear power plant operators have to abide by their own set of cybersecurity rules established by the Nuclear Regulatory Commission. Following its most recent cybersecurity audits in 2015, the NRC reported “several very low security significance violations of cyber security plan requirements.”

None of those violations could have resulted in an imminent threat to nuclear safety, the regulator said.

The NRC plans to ramp up cybersecurity inspections later this year. The agency has declined to comment on reports of the recent cyber breaches at nuclear power generation sites.

Nuclear power companies have had to account for the possibility of a cyberattack on their safety systems since 2002, according to NRC guidance.

Electric utilities typically adhere to a three-step model for protecting their most sensitive systems from hackers. At a basic level, this setup involves an information technology network — such as a utility’s internet-connected corporate headquarters — and an operational network that includes grid control systems. Companies typically add a third layer or “demilitarized zone” bridging those two sides of the business, replete with firewalls, cybersecurity technologies and other safeguards.

Nuclear operators add at least two more layers to that model, drawing lines among the public internet, the corporate network, onsite local area networks, industrial “data acquisition” networks and, finally, the core safety system overseeing radioactive materials, based on government guidelines.

In the U.S., safety systems are often still “analogue,” having originally been built in the 1980s or earlier, before the recent spread of web-connected technologies.

Within that last, critical zone — Level 4 in nuclear industry parlance — tight physical controls prevent phones and USB drives from getting in; and operational data is designed to flow only outward through “data diodes,” with no potential for online commands to enter from the public internet or even the site’s own local area network.

“Anybody ever reports that somebody got a connection from the internet directly or indirectly into the heart of a nuclear control system is either full of crap, or is revealing a massive problem with some particular site, because there should be physically no way for that to actually be possible,” said Andrew Ginter, vice president of Waterfall Security Solutions, which markets one such “unidirectional gateway” or data diode to the U.S. nuclear sector. “To me, it’s almost inconceivable.”

Marty Edwards, managing director of the Automation Federation, who until last month headed a team of industrial control security specialists at DHS, generally agreed that a remote connection would be nearly impossible to achieve. “When we tested those kinds of [one-way] devices in the lab, we found that you couldn’t circumvent any of them, basically, because they’re physics-based,” he said. “There’s no way to manipulate that stream.”

One source familiar with nuclear information technology practices, who agreed to speak about security matters on condition of anonymity, said that “in order to have a catastrophic impact, you have to get by the human in the control room” — no easy feat. “You’re talking workers who are regularly screened for insider [threat] indicators and psychological stability.”

Still, the source said a well-resourced attacker could try sneaking in thumb drives, planting an insider or even landing a drone equipped with wireless attack technology into a nuclear generation site. Reports indicate that the infamous Stuxnet worm, which damaged Iranian nuclear centrifuges in the late 2000s, probably snuck in on removable media. Once inside the “air gapped” target network, Stuxnet relied on its own hard-coded instructions, rather than any remote commands sent in through the internet, to cause costly and sensitive nuclear equipment to spin out of control.

But the source, who had reviewed recent DHS and FBI warnings about recent nuclear cyberthreats, added that there was no indication the actor behind it got close to nuclear operators’ crown jewels.

“To get around the data diodes and all the other defenses, it’d be unprecedented at this point,” at least from a U.S. perspective, said the source.

Would it even be possible?

“Maybe if you’re Vladimir Putin,” the source said.
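The outbound SMB beaconing and the layered zone model described in the article above can both be checked against network flow records. The following is an added example, not part of the quoted article or of this page's original text; the address ranges, the level numbers below Level 4, the log format and the rule names are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter, namedtuple

# Assumed zone map: the address ranges and the level numbers 0-3 are
# illustrative; the article only names the innermost zone "Level 4".
ZONES = [
    ("core_safety",      4, ipaddress.ip_network("10.40.0.0/16")),
    ("data_acquisition", 3, ipaddress.ip_network("10.30.0.0/16")),
    ("site_lan",         2, ipaddress.ip_network("10.20.0.0/16")),
    ("corporate",        1, ipaddress.ip_network("10.10.0.0/16")),
]
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

Flow = namedtuple("Flow", "ts src dst dport proto")

# Constructed sample records: time, source, destination, dest port, protocol.
SAMPLE_LOG = """\
T+00:00:02 10.10.5.23 203.0.113.50 445 tcp
T+00:00:05 10.10.5.23 203.0.113.50 445 tcp
T+00:01:00 10.10.5.23 198.51.100.7 443 tcp
T+00:06:00 10.40.1.2 10.30.1.9 5000 udp
T+00:07:00 10.30.1.9 10.40.1.2 502 tcp
T+00:08:00 10.10.8.8 10.10.8.9 445 tcp
T+00:09:00 10.10.5.40 10.30.1.9 3389 tcp
truncated record 10.10.5.23
"""


def parse(text):
    """Turn whitespace-separated flow lines into Flow tuples, skipping bad ones."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        ts, src, dst, dport, proto = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
        except ValueError:
            continue
        flows.append(Flow(ts, src, dst, int(dport), proto.lower()))
    return flows


def level_of(ip):
    """Return the zone level of an address; unmapped addresses count as internet (0)."""
    addr = ipaddress.ip_address(ip)
    for _name, level, net in ZONES:
        if addr in net:
            return level
    return 0


def classify(flow):
    """Return the name of the rule a flow violates, or None if it is acceptable."""
    src, dst = level_of(flow.src), level_of(flow.dst)
    # An internal host opening SMB to the internet can leak login material,
    # which is the behaviour the phishing document relied on.
    if src >= 1 and dst == 0 and flow.proto == "tcp" and flow.dport in SMB_PORTS:
        return "SMB_EGRESS"
    # Data may only leave Level 4; any flow arriving there breaks the diode model.
    if dst == 4 and src < 4:
        return "INBOUND_TO_LEVEL4"
    # Assumed extra rule: inward traffic should not jump over an intermediate layer.
    if dst > src + 1:
        return "LAYER_SKIP"
    return None


def audit(flows):
    """Count violations per (rule, source, destination)."""
    findings = Counter()
    for f in flows:
        rule = classify(f)
        if rule:
            findings[(rule, f.src, f.dst)] += 1
    return findings


if __name__ == "__main__":
    for (rule, src, dst), n in sorted(audit(parse(SAMPLE_LOG)).items()):
        print(f"{rule:18} {src:>12} -> {dst:<14} x{n}")
```

A flow audit of this kind complements, and does not replace, blocking outbound TCP 139/445 at the perimeter and the physical one-way gateways the article describes.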

9. Devon Arthurs, a neo-Nazi-turned-Muslim, murdered two of his neo-Nazi roommates back in May. Brandon Russell, Arthurs’s surviving third roommate, was found with bomb-making materials, radioactive substances and a framed picture of Timothy McVeigh after police searched their residence. Russell planned to sabotage a nuclear power plant.

Russell, we note, was in the National Guard. In the Nazi tract Serpent’s Walk, a book we feel is, like The Turner Diaries, intended as a teaching tool, operational blueprint and manifesto, the Underground Reich infiltrates the military, gains effective control of the opinion-forming media and, following a series of WMD strikes blamed on Russia and a declaration of martial law, the Nazis take over the United States.

Brandon Russell, a National Guardsman and self-described neo-Nazi, had plans to blow up power lines in the Florida Everglades and launch explosives into a nuclear power plant near Miami, his roommate Devon Arthurs told police.

Prosecutors on Tuesday played portions of a recorded interrogation Arthurs gave in the hours immediately after he was arrested in the killings of Jeremy Himmelman and Andrew Oneschuk. In the video, Arthurs offers a justification for the killings, claiming that Russell, the surviving roommate, was preparing to commit acts of terrorism.

“The things they were planning were horrible,” Arthurs said. “These people were not good people.”

The U.S. Attorney’s Office presented the video excerpts in an effort to get U.S. Magistrate Judge Thomas B. McCoun III to revoke an order granting Russell bail, arguing that he poses a danger to the community.

Late Tuesday, the judge stayed the order. Russell will remain jailed while the judge reconsiders the issue.

Russell, 21, faces explosives charges after bombmaking materials were found at his Tampa Palms apartment May 19 during the murder investigation. Arthurs, separately, has been charged with two counts of first-degree murder in state court.

In the video, Arthurs sits beside a table in a white-walled interrogation room, his right leg resting over his left knee. He gestures with both hands as he casually describes Russell’s neo-Nazi beliefs and supposed plans to commit terrorist acts.

He said Russell studied how to build nuclear weapons in school and is “somebody that literally has knowledge of how to build a nuclear bomb.”

When a Tampa police detective asked Arthurs if his friends had any specific terrorist intentions, he said they had a plan to blow up power lines along Alligator Alley, the stretch of Interstate 75 linking Naples with Fort Lauderdale.

He also said they had a plan to fire mortars loaded with nuclear material into the cooling units of a nuclear power plant near Miami.

He said the damage would cause “a massive reactor failure” and spread “irradiated water” throughout the ocean.

“Think about a BP oil spill, except it wipes out parts of the eastern seaboard,” Arthurs said.

The detective asked why they wanted to do these things.

“Because they wanted to build a Fourth Reich,” Arthurs said. He said Russell idolized Oklahoma City bomber Timothy McVeigh.

“He said the only thing McVeigh did wrong was he didn’t put enough material into the truck to bring the whole building down.”

Assistant U.S. Attorney Josephine Thomas noted during the hearing that the Turkey Point Nuclear Generating Station is near Miami. She also noted that when bomb squad members arrived at Russell’s apartment, their pagers alerted them to the presence of “two radiation sources.” The criminal complaint says those were thorium and americium, both radioactive metals.

Russell’s defense attorney, Ian Goldstein, noted that authorities have not charged him with possession of nuclear materials.

…

Goldstein questioned Arthurs’ credibility.

“Devon Arthurs is a person who just murdered two individuals, who is desperate to save himself, and, quite frankly, I think he is a few cards short of a full deck,” Goldstein said. “I hope the government brings Mr. Arthurs to the trial as their prime witness. He’s insane.”

Arthurs, according to court records, admitted to the killings, saying Himmelman and Oneschuk had disrespected his conversion to Islam.

“I was like, ‘How could I have done this?’ ” he said in the video played Tuesday. “If I hadn’t done that, there would be a lot more people dead than just these two guys in this organization.”

10. Surviving National Guardsman/Nazi Russell admitted to belonging to a group called Atomwaffen, which is German for “atomic weapon”.

Russell, and the rest of Atomwaffen, received a ringing endorsement from brilliant Nazi hacker Andrew Auernheimer. Yes, Auernheimer, who happens to be the kind of skilled hacker who actually might have the ability to trigger a nuclear meltdown someday, wrote about the whole incident on The Daily Stormer. According to Auernheimer, the two killed roommates were “friends of friends” and the “Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party.”

A man told police he killed his two roommates because they were neo-Nazis who disrespected his recent conversion to Islam, and investigators found bomb-making materials and Nazi propaganda after he led them to the bodies.

Devon Arthurs, 18, told police he had until recently shared his roommates’ neo-Nazi beliefs, but that he converted to Islam, according to court documents and a statement the Tampa Police Department released Monday. . . .

. . . . In the apartment with the victims’ bodies on Friday, investigators found Nazi and white supremacist propaganda; a framed picture of Oklahoma City bomber Timothy McVeigh; and explosives and radioactive substances, according to the court documents.

They also found a fourth roommate, Brandon Russell, crying and standing outside the apartment’s front door in his U.S. Army uniform.

“That’s my roommate (Russell). He doesn’t know what’s going on and just found them like you guys did,” Arthurs told the police officers, according to the report.

Federal agents arrested Russell, 21, on Saturday on charges related to the explosives.

The FBI said Russell “admitted to his neo-Nazi beliefs” and said he was a member of a group called Atomwaffen, which is German for “atomic weapon.”

Major Caitlin Brown, spokeswoman for the Florida National Guard, confirmed Russell was a current member of the Florida National Guard. But she couldn’t immediately provide any other information.

Arthurs started the chain of events on Friday when he held two customers and an employee hostage at gunpoint at a Tampa smoke shop, police said. He was complaining about the treatment of Muslims.

“He further informed all three victims that he was upset due to America bombing his Muslim countries,” police Detective Kenneth Nightlinger wrote in his report.

Officers talked Arthurs into letting the hostages go and dropping his weapon, and took him into custody.

While in custody, police said Arthurs started talking about killing two people, and then he directed them to a condominium complex where the four roommates shared an apartment.

“I had to do it,” Arthurs told police. “This wouldn’t have had to happen if your country didn’t bomb my country.”

Inside the apartment, the officers found the bodies of 22-year-old Jeremy Himmelman and 18-year-old Andrew Oneschuk. Both had been shot.

Police called in the FBI and a bomb squad, which found enough explosives to constitute a bomb, according to federal agents.

At first, Russell told agents he kept the explosives from his days in an engineering club at the University of South Florida in 2013, and that he used the substances to boost homemade rockets. The agents wrote that the substance found was “too energetic and volatile for these types of uses.”

Russell has been charged with possession of an unregistered destructive device and unlawful storage of explosive material. Court records did not list an attorney for him.

Andrew Auernheimer, a notorious computer hacker and internet troll, wrote a post about the killings for The Daily Stormer, a leading neo-Nazi website.

Auernheimer, known online as “weev,” said in Sunday’s post that he knew the shooting suspect and both of the shooting victims. He said he banned Arthurs from The Daily Stormer’s Discord server, an online forum, for posting “Muslim terrorist propaganda” earlier this year.

“He came in to convert people to Islam,” Auernheimer said during a telephone interview Monday. “It didn’t work out very well for him.”

Auernheimer described Himmelman and Oneschuk as “friends of friends” and said they belonged to the Atomwaffen group.

“Atomwaffen are a bunch of good dudes. They’ve posted tons of fliers with absolutely killer graphics at tons of universities over the years. They generally have a lot of fun and party,” he wrote.

———-

11. If any neo-Nazi hacker is capable of successfully taking down a nuclear plant, perhaps as part of a larger coordinated neo-Nazi attack or just on his own, it’s Auernheimer.

In extremist circles, there appears to be a bump of interest in Timothy James McVeigh.

Yes, that Timothy McVeigh. The guy who used a Ryder truck to bomb the Alfred P. Murrah Federal Building in Oklahoma City on April 19, 1995, killing 168 innocent children and adults and wounding more than 600 others.

His act 22 years ago, for those who may have forgotten, was the deadliest terrorist attack in the United States before the attacks of Sept. 11, 2001.

McVeigh was convicted of terrorism and executed just three months before those attacks.

His name and heinous crime are not forgotten, nor should they be, while there seems to be a growing admiration for McVeigh in some extremist circles. One militia honcho even likened McVeigh to Jesus Christ.

Check out these recent mentions of McVeigh:

In mid-May, police in Tampa, Florida, responded to the scene of a double-murder involving young, self-described neo-Nazis.

Brandon Russell, who shared the apartment with the murder suspect, was charged with possession of bomb-making materials and chemicals, including ammonium nitrate – the same kind of material used by McVeigh.

In Russell’s bedroom at the apartment he shared with the murder suspect and the two slain neo-Nazis, police found a framed photograph of Timothy McVeigh. Russell, who’s in custody, hasn’t publicly explained that fascination.

…

More recently, neo-Nazi Andrew ‘Weev’ Auernheimer, who writes for the racist web site “Daily Stormer,” said he was serious in proposing a crowd-funding account to raise money to build a “permanent monument” in a memorial grove honoring McVeigh.

“Think of it, a gigantic bronze statue of Timothy McVeigh poised triumphantly atop a Ryder truck, arms raised as if to form an Algiz rune from his body, with a plaque that states the honest truth,” Auernheimer wrote. “Nothing would be a greater insult to these pizza-party guarding federal swine than a permanent monument honoring [McVeigh’s] journey to Valhalla or Fólkvangr atop the piles of their corpses.”

“I am not joking,” Auernheimer wrote. “This should be done. Imagine how angry it would make people.”

…

———-

12. Is it possible that the “command & control” server used in the DNC server hacks was not only hacked and under 3rd party control during the 2015-2016 DNC hack but also the 2015 Bundestag hack? As we’re going to see, it’s possible.

First, here’s something to keep in mind regarding the German government’s public attribution in mid-May of 2016 that APT28/Fancy Bear is a Russian government hacking group and was responsible for the 2015 Bundestag hack: As security analyst Jeffrey Carr notes in the piece below, when Germany’s domestic intelligence agency, the BfV, issued a report in January of 2016 that attributed both APT28 and APT29 to the Russian government, the report didn’t appear to reference any classified information. The conclusions appeared to be based on exactly the same kind of technical ‘clues’ that were used for attribution in the 2016 DNC hacks. And as Carr also points out, relying on those technical ‘clues’ is a rather clueless way to go about attribution:

“While it’s natural to think of Sofacy as a group of individuals, it’s more like a group of technical indicators which include tools, techniques, procedures, target choices, countries of origin, and of course, people. Since most bad actors operate covertly, we are highly dependent on the forensics. Since many of the tools used are shared, and other indicators easily subverted, the forensics can be unreliable.”

When cybersecurity firms publish reports about some “APT” (Advanced Persistent Threat) group, they’re not actually reporting on a specific group. They’re reporting on similar technical indicators that suggest an attack could have been the same group that did a previous hack and nothing more than that.

If those technical indicators include code that’s available to 3rd party hackers and servers that have already been hacked or show vulnerabilities to hacking, as is the case with the 176.31.112[.]10 Command & Control server used by “APT28” in both the DNC server hack and the Bundestag hack (with that IP address hard coded in both cases), those technical indicators are indicative of very little other than some group might be up to their old tricks or some other group is copying (or framing) them:

…
Problem #1: The IP address 176.31.112[.]10 used in the Bundestag breach as a Command and Control server has never been connected to the Russian intelligence services. In fact, Claudio Guarnieri, a highly regarded security researcher, whose technical analysis was referenced by Rid, stated that “no evidence allows to tie the attacks to governments of any particular country.”

Problem #2: The Command & Control server (176.31.112.10) was using an outdated version of OpenSSL vulnerable to Heartbleed attacks. Heartbleed allows attackers to exfiltrate data including private keys, usernames, passwords and other sensitive information.

The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.
…

“The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.”

Yet, despite these glaring issues with the technical indicators, the report Germany’s BfV issued in January of 2016 pinning the blame for the Bundestag hacks on the GRU and FSB rests on an assumption based on technical indicators alone:

…
Problem #3: The BfV published a newsletter in January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure—these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.”
…

It looks like the BfV’s attribution that the Russian government was behind the “APT28” Bundestag hack was anything but solid.

Don’t forget that the attribution of the Bundestag hack is A LOT easier to make than the attribution of the DNC server hack. Why? Because after the Bundestag hack happened there was lots of discussion of it in the cybersecurity press, and that included discussion of how the Command & Control server at the 176.31.112[.]10 IP address was vulnerable to the Heartbleed attack.

Yesterday, Professor Thomas Rid (Kings College London) published his narrative of the DNC breach and strongly condemned the lack of action by the U.S. government against Russia.

Susan Hennessey, a Harvard-educated lawyer who used to work at the Office of the General Counsel at NSA called the evidence “about as close to a smoking gun as can be expected where a sophisticated nation state is involved.”

Then late Monday evening, the New York Times reported that American intelligence agencies have “high confidence” that the Russian government was behind the DNC breach.

It’s hard to beat a good narrative “when explanations take such a dreadful time” as Lewis Carroll pointed out. And the odds are that nothing that I write will change the momentum that’s rapidly building against the Russian government.

Still, my goal for this article is to address some of the factual errors in Thomas Rid’s Vice piece, provide some new information about the capabilities of independent Russian hackers, and explain why the chaos at GRU makes it such an unlikely home for an APT group.

Fact-Checking The Evidence

Thomas Rid wrote:

One of the strongest pieces of evidence linking GRU to the DNC hack is the equivalent of identical fingerprints found in two burglarized buildings: a reused command-and-control address — 176.31.112[.]10 — that was hard coded in a piece of malware found both in the German parliament as well as on the DNC’s servers. Russian military intelligence was identified by the German domestic security agency BfV as the actor responsible for the Bundestag breach. The infrastructure behind the fake MIS Department domain was also linked to the Berlin intrusion through at least one other element, a shared SSL certificate.

This paragraph sounds quite damning if you take it at face value, but if you invest a little time into checking the source material, its carefully constructed narrative falls apart.

Problem #1: The IP address 176.31.112[.]10 used in the Bundestag breach as a Command and Control server has never been connected to the Russian intelligence services. In fact, Claudio Guarnieri, a highly regarded security researcher, whose technical analysis was referenced by Rid, stated that “no evidence allows to tie the attacks to governments of any particular country.”

Problem #2: The Command & Control server (176.31.112.10) was using an outdated version of OpenSSL vulnerable to Heartbleed attacks. Heartbleed allows attackers to exfiltrate data including private keys, usernames, passwords and other sensitive information.

The existence of a known security vulnerability that’s trivial to exploit opens the door to the possibility that the systems in question were used by one rogue group, and then infiltrated by a second rogue group, making the attribution process even more complicated. At the very least, the C2 server should be considered a compromised indicator.

Problem #3: The BfV published a newsletter in January 2016 which assumes that the GRU and FSB are responsible because of technical indicators, not because of any classified finding; to wit: “Many of these attack campaigns have each other on technical similarities, such as malicious software families, and infrastructure—these are important indicators of the same authorship. It is assumed that both the Russian domestic intelligence service FSB and the military foreign intelligence service GRU run cyber operations.”

Professor Rid’s argument depended heavily on conveying hard attribution by the BfV even though the President of the BfV didn’t disguise the fact that their attribution was based on an assumption and not hard evidence.

Personally, I don’t want to have my government create more tension in Russian-U.S. relations because the head of Germany’s BfV made an assumption.

In intelligence, as in other callings, estimating is what you do when you do not know. (Sherman Kent)

When it came to attributing Fancy Bear to the GRU, Dmitry Alperovich used a type of estimative language because there was no hard proof: “Extensive targeting of defense ministries and other military victims has been observed, the profile of which closely mirrors the strategic interests of the Russian government, and may indicate affiliation with Главное Разведывательное Управление (Main Intelligence Department) or GRU, Russia’s premier military intelligence service.”

For Cozy Bear’s attribution to the FSB, Dmitry simply observed that there were two threat actor groups operating at the same time while unaware of each other’s presence. He noted that the Russian intelligence services also compete with each other, therefore Cozy Bear is probably either the FSB or the SVR: “we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario.”

The Fidelis report on the malware didn’t mention the GRU or FSB at all. Their technical analysis only confirmed the APT groups involved: “Based on our comparative analysis we agree with CrowdStrike and believe that the COZY BEAR and FANCY BEAR APT groups were involved in successful intrusions at the DNC.”

When it came to attributing the attack to the Russian intelligence services, Fidelis’ Mike Buratowski told reporter Michael Heller: “In a situation like this, we can’t say 100% that it was this person in this unit, but what you can say is it’s more probable than not that it was this group of people or this actor set.”

As Mark Twain said, good judgment comes from experience, and experience comes from bad judgment. The problem with judgment calls and attribution is that since there’s no way to be proven right or wrong, there’s no way to discern if one’s judgment call is good or bad.

The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police

OK. Raise your hand if you think that a GRU or FSB officer would add Iron Felix’s name to the metadata of a stolen document before he released it to the world while pretending to be a Romanian hacker. Someone clearly had a wicked sense of humor.

This is a partial spreadsheet for Russian APT threat groups. The one for China is about four times as big. If it looks confusing, that’s because it is. There is no formal process for identifying a threat group. Cybersecurity companies like to assign their own naming conventions so you wind up having multiple names for the same group. For example, CrowdStrike’s Fancy Bear group has the primary name of Sofacy, and alternative names of APT28, Sednit, Pawn Storm, and Group 74.

While it’s natural to think of Sofacy as a group of individuals, it’s more like a group of technical indicators which include tools, techniques, procedures, target choices, countries of origin, and of course, people. Since most bad actors operate covertly, we are highly dependent on the forensics. Since many of the tools used are shared, and other indicators easily subverted, the forensics can be unreliable.

Non-Government Russian Hacker Groups

Russia’s Ministry of Communication reported that Russian cybercriminals are re-investing 40% of the millions of dollars that they earn each year in improving their technology and techniques as they continue to target the world’s banking system. Kaspersky Lab estimated earnings for one 20 member group at $1 billion over a three year period.

A common (and erroneous) rationale for placing the blame of a network breach on a nation state is that independent hacker groups either don’t have the resources or that stolen data doesn’t have financial value. These recent reports by Kaspersky Lab and Russian Ministry of Communication make it clear that money is no object when it comes to these independent groups, and that sophisticated tools and encryption methods are constantly improved upon, just as they would be at any successful commercial enterprise or government agency.

That, plus the occasional cross-over between independent Russian hackers and Russia’s security services makes differentiation between a State and non-State threat actor almost impossible. For that reason alone, it should be incumbent upon policymakers and journalists to question their sources about how they know that the individuals involved are part of a State-run operation.

A Nightmare Scenario

“Indeed, there will be some policymakers who could not pass a rudimentary test on the “facts of the matter” but who have the strongest views on what the policy should be and how to put it into effect.” (Sherman Kent)

…

Here’s my nightmare. Every time a claim of attribution is made—right or wrong—it becomes part of a permanent record; an un-verifiable provenance that is built upon by the next security researcher or startup who wants to grab a headline, and by the one after him, and the one after her. The most sensational of those claims are almost assured of international media attention, and if they align with U.S. policy interests, they rapidly move from unverified theory to fact.

Because each headline is informed by a report, and because indicators of compromise and other technical details are shared between vendors worldwide, any State or non-State actor in the world will soon have the ability to imitate an APT group with State attribution, launch an attack against another State, and generate sufficient harmful effects to trigger an international incident. All because some commercial cybersecurity companies are compelled to chase headlines with sensational claims of attribution that cannot be verified.

I encourage my colleagues to leave attribution to the FBI and the agencies of the Intelligence Community, and I implore everyone else to ask for proof, even from the U.S. government, whenever you read a headline that places blame on a foreign government for an attack in cyberspace.

Discussion

8 comments for “FTR #967 Update on Ukrainian Fascism, the “Russia-Gate” Psy-Op and the Possibility of a Third World War”

North Korea’s success in testing an intercontinental ballistic missile that appears able to reach the United States was made possible by black-market purchases of powerful rocket engines probably from a Ukrainian factory with historical ties to Russia’s missile program, according to an expert analysis being published Monday and classified assessments by American intelligence agencies.

The studies may solve the mystery of how North Korea began succeeding so suddenly after a string of fiery missile failures, some of which may have been caused by American sabotage of its supply chains and cyberattacks on its launches. After those failures, the North changed designs and suppliers in the past two years, according to a new study by Michael Elleman, a missile expert at the International Institute for Strategic Studies.

Such a degree of aid to North Korea from afar would be notable because President Trump has singled out only China as the North’s main source of economic and technological support. He has never blamed Ukraine or Russia, though his secretary of state, Rex W. Tillerson, made an oblique reference to both China and Russia as the nation’s “principal economic enablers” after the North’s most recent ICBM launch last month.

Analysts who studied photographs of the North’s leader, Kim Jong-un, inspecting the new rocket motors concluded that they derive from designs that once powered the Soviet Union’s missile fleet. The engines were so powerful that a single missile could hurl 10 thermonuclear warheads between continents.

Those engines were linked to only a few former Soviet sites. Government investigators and experts have focused their inquiries on a missile factory in Dnipro, Ukraine, on the edge of the territory where Russia is fighting a low-level war to break off part of Ukraine. During the Cold War, the factory made the deadliest missiles in the Soviet arsenal, including the giant SS-18. It remained one of Russia’s primary producers of missiles even after Ukraine gained independence.

But since Ukraine’s pro-Russian president, Viktor Yanukovych, was removed from power in 2014, the state-owned factory, known as Yuzhmash, has fallen on hard times. The Russians canceled upgrades of their nuclear fleet. The factory is underused, awash in unpaid bills and low morale. Experts believe it is the most likely source of the engines that in July powered the two ICBM tests, which were the first to suggest that North Korea has the range, if not necessarily the accuracy or warhead technology, to threaten American cities.

“It’s likely that these engines came from Ukraine — probably illicitly,” Mr. Elleman said in an interview. “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

Bolstering his conclusion, he added, was a finding by United Nations investigators that North Korea tried six years ago to steal missile secrets from the Ukrainian complex. Two North Koreans were caught, and a U.N. report said the information they tried to steal was focused on advanced “missile systems, liquid-propellant engines, spacecraft and missile fuel supply systems.”

Mr. Elleman’s detailed analysis is public confirmation of what intelligence officials have been saying privately for some time: The new missiles are based on a technology so complex that it would have been impossible for the North Koreans to have switched gears so quickly themselves. They apparently fired up the new engine for the first time in September — meaning that it took only 10 months to go from that basic milestone to firing an ICBM, a short time unless they were able to buy designs, hardware and expertise on the black market.

The White House had no comment when asked about the intelligence assessments.

Last month, Yuzhmash denied reports that the factory complex was struggling for survival and selling its technologies abroad, in particular to China. Its website says the company does not, has not and will not participate in “the transfer of potentially dangerous technologies outside Ukraine.”

American investigators do not believe that denial, though they say there is no evidence that the government of President Petro O. Poroshenko, who recently visited the White House, had any knowledge or control over what was happening inside the complex.

On Monday, after this story was published, Oleksandr Turchynov, a top national security official in the government of Mr. Poroshenko, denied any Ukrainian involvement.

“This information is not based on any grounds, provocative by its content, and most likely provoked by Russian secret services to cover their own crimes,” Mr. Turchynov said. He said the Ukrainian government views North Korea as “totalitarian, dangerous and unpredictable, and supports all sanctions against this country.”

How the Russian-designed engines, called the RD-250, got to North Korea is still a mystery.

Mr. Elleman was unable to rule out the possibility that a large Russian missile enterprise, Energomash, which has strong ties to the Ukrainian complex, had a role in the transfer of the RD-250 engine technology to North Korea. He said leftover RD-250 engines might also be stored in Russian warehouses.

But the fact that the powerful engines did get to North Korea, despite a raft of United Nations sanctions, suggests a broad intelligence failure involving the many nations that monitor Pyongyang.

Since President Barack Obama ordered a step-up in sabotage against the North’s missile systems in 2014, American officials have closely monitored their success. They appeared to have won a major victory last fall, when Mr. Kim ordered an end to flight tests of the Musudan, an intermediate-range missile that was a focus of the American sabotage effort.

But no sooner had Mr. Kim ordered a stand-down of that system than the North rolled out engines of a different design. And those tests were more successful.

…

It is unclear who is responsible for selling the rockets and the design knowledge, and intelligence officials have differing theories about the details. But Mr. Elleman makes a strong circumstantial case that would implicate the deteriorating factory complex and its underemployed engineers.

“I feel for those guys,” said Mr. Elleman, who visited the factory repeatedly a decade ago while working on federal projects to curb weapon threats. “They don’t want to do bad things.”

Dnipro has been called the world’s fastest-shrinking city. The sprawling factory, southeast of Kiev and once a dynamo of the Cold War, is having a hard time finding customers.

American intelligence officials note that North Korea has exploited the black market in missile technology for decades, and built an infrastructure of universities, design centers and factories of its own.

It has also recruited help: In 1992, officials at a Moscow airport stopped a team of missile experts from traveling to Pyongyang.

That was only a temporary setback for North Korea. It obtained the design for the R-27, a compact missile made for Soviet submarines, created by the Makeyev Design Bureau, an industrial complex in the Ural Mountains that employed the rogue experts apprehended at the Moscow airport.

But the R-27 was complicated, and the design was difficult for the North to copy and fly successfully.

Eventually, the North turned to an alternative font of engine secrets — the Yuzhmash plant in Ukraine, as well as its design bureau, Yuzhnoye. The team’s engines were potentially easier to copy because they were designed not for cramped submarines but roomier land-based missiles. That simplified the engineering.

Economically, the plant and design bureau faced new headwinds after Russia in early 2014 invaded and annexed Crimea, a part of Ukraine. Relations between the two nations turned icy, and Moscow withdrew plans to have Yuzhmash make new versions of the SS-18 missile.

In July 2014, a report for the Carnegie Endowment for International Peace warned that such economic upset could put Ukrainian missile and atomic experts “out of work and could expose their crucial know-how to rogue regimes and proliferators.”

The first clues that a Ukrainian engine had fallen into North Korean hands came in September when Mr. Kim supervised a ground test of a new rocket engine that analysts called the biggest and most powerful to date.

Norbert Brügge, a German analyst, reported that photos of the engine firing revealed strong similarities between it and the RD-250, a Yuzhmash model.

Alarms rang louder after a second ground firing of the North’s new engine, in March, and its powering of the flight in May of a new intermediate-range missile, the Hwasong-12. It broke the North’s record for missile distance. Its high trajectory, if leveled out, translated into about 2,800 miles, or far enough to fly beyond the American military base at Guam.

On June 1, Mr. Elleman struck an apprehensive note. He argued that the potent engine clearly hailed from “a different manufacturer than all the other engines that we’ve seen.”

Mr. Elleman said the North’s diversification into a new line of missile engines was important because it undermined the West’s assumptions about the nation’s missile prowess: “We could be in for surprises.”

That is exactly what happened. The first of the North’s two tests in July of a new missile, the Hwasong-14, went a distance sufficient to threaten Alaska, surprising the intelligence community. The second went far enough to reach the West Coast, and perhaps Denver or Chicago.

Last week, the Bulletin of the Atomic Scientists featured a detailed analysis of the new engine, also concluding that it was derived from the RD-250. The finding, the analysts said, “raises new and potentially ominous questions.”

The emerging clues suggest not only new threats from North Korea, analysts say, but new dangers of global missile proliferation because the Ukrainian factory remains financially beleaguered. It now makes trolley buses and tractors, while seeking new rocket contracts to help regain some of its past glory.

“Mr. Elleman’s detailed analysis is public confirmation of what intelligence officials have been saying privately for some time: The new missiles are based on a technology so complex that it would have been impossible for the North Koreans to have switched gears so quickly themselves. They apparently fired up the new engine for the first time in September — meaning that it took only 10 months to go from that basic milestone to firing an ICBM, a short time unless they were able to buy designs, hardware and expertise on the black market.”

Yep, despite the Ukrainian government’s attempts to suggest that it was actually Russia behind the missile technology transfer to North Korea, the evidence is pointing investigators towards a Ukrainian missile factory fallen on hard times. So is Ukraine’s government quietly dealing with North Korea or was it an independent operation by underpaid employees of a missile factory who suddenly lost their primary customers in Russia when the war broke out? Or were the far-right and neo-Nazis involved? These are the grim questions we now get to add to the pile of grim questions about the situation in Ukraine:

…
But since Ukraine’s pro-Russian president, Viktor Yanukovych, was removed from power in 2014, the state-owned factory, known as Yuzhmash, has fallen on hard times. The Russians canceled upgrades of their nuclear fleet. The factory is underused, awash in unpaid bills and low morale. Experts believe it is the most likely source of the engines that in July powered the two ICBM tests, which were the first to suggest that North Korea has the range, if not necessarily the accuracy or warhead technology, to threaten American cities.

“It’s likely that these engines came from Ukraine — probably illicitly,” Mr. Elleman said in an interview. “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

Bolstering his conclusion, he added, was a finding by United Nations investigators that North Korea tried six years ago to steal missile secrets from the Ukrainian complex. Two North Koreans were caught, and a U.N. report said the information they tried to steal was focused on advanced “missile systems, liquid-propellant engines, spacecraft and missile fuel supply systems.”

Check out the big New York Times article on the latest twist in the investigation of the 2016 DNC hacks and the quest to prove Russian hackers were behind it: There’s a witness! A real flesh and blood witness! Yep.

So who is this witness? A Ukrainian hacker known as “the Profexer” who is apparently well respected in the hacker community and creates freely available malware that’s widely used by hackers across the former Soviet Union (and presumably everywhere else since there’s no reason effective hacking tools would be limited to the former Soviet Union). He apparently makes his money by charging users for expertise in how to employ his tools and for writing custom malware. In other words, it sounds like this was a pretty prominent hacker.

And what did “the Profexer” witness? The Profexer was allegedly hired by the anonymous Russian state-sponsored hackers to write customized code used in the DNC hacks. But he didn’t realize who he was working for or the intended purpose of the custom code. And it’s unclear how much actual interaction he had with the Russian hacking team. But he does know their online handles.

And why did he come forward as a witness? Well, as the article describes, after the US Department of Homeland Security released its “Operation Grizzly Steppe” report in late December, which purported to show the technical evidence that the Russian government was behind the hacks, there was a lot of confusion over why the technical evidence wasn’t pointing towards Russia but instead towards Ukraine. In particular, one of the sample pieces of malware released in that report was a tool called P.A.S. web shell, a script that could be uploaded to a server to allow for remote execution of commands. And P.A.S. web shell is the Profexer’s tool. His widely used, freely available tool. It was apparently at that point that the Profexer started getting very nervous that he was going to be arrested by the Ukrainian government and handed over to the US. So he decided to turn himself in to Ukrainian authorities.

So a Ukrainian hacker who builds widely used free hacking tools and whose tool was used in at least one of the DNC hacks decided to turn himself in to Ukrainian authorities. He doesn’t have any actual evidence he was hired by a Russian hacking team, he claims he didn’t know who hired him or why, but apparently he was so freaked out about his tool showing up in the “Grizzly Steppe” report that he decided to turn himself in to Ukrainian authorities. And that’s the big twist that the following article contorts into further evidence of Russian government hackers.

But the story gets even shadier: The assertion that the Profexer was paid by Russian hackers to write custom malware comes from Anton Gerashchenko, a far-right member of Ukraine’s Parliament with close ties to the security services. And according to Mr. Gerashchenko, the interaction the Profexer had with the ‘Russian hackers’ was online or by phone, and the Ukrainian programmer had been paid to write customized malware without knowing its purpose. But as the article also notes, “It is not clear whether the specific malware the programmer created was used to hack the D.N.C. servers, but it was identified in other Russian hacking efforts in the United States.” So the custom code that the Profexer claims to have written for the Russian hackers who hacked the DNC may not have actually been used in the DNC hacks. But what about the P.A.S. web shell tool the Profexer wrote that was cited in the “Grizzly Steppe” report? Well, as many noted following the Grizzly Steppe report, the version of P.A.S. web shell they released in their sample malware used in the attack was an outdated version of P.A.S. web shell.

The article also notes that the Ukrainian government has handed over to the FBI server images of the Ukrainian Election Commission server that was hacked in 2014 during a high profile hack suspected to be the work of Russian government agents. Investigators have found traces of the same malware on that server that was used in the DNC hacks which is being used as further evidence that Russian hackers were behind the DNC hacks, ignoring the fact highlighted by the rest of the article that hackers often use the same tools.

So, to summarize, the hot new story about the flesh and blood witness in the ‘Russian hacks’ is a notorious Ukrainian hacker whose freely available and popular P.A.S. web shell hacking tool was released in a batch of sample malware in the Grizzly Steppe report. And despite being the author of a widely used hacking tool that’s popular with hackers across the former Soviet Union, the fact that his tool turned up in the DHS report freaked him out so much that he decided to turn himself in to authorities, claiming that he was hired by people he believes were the Russian hackers to write customized tools, although he didn’t suspect it at the time and can only identify these people by their anonymous online handles. The P.A.S. web shell tool that was used in the hacks was an outdated version and it’s unclear whether the custom tool he allegedly wrote was used in the DNC hacks at all. That’s the flesh and blood witness:

The New York Times

In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking

By ANDREW E. KRAMER and ANDREW HIGGINS
AUG. 16, 2017

KIEV, Ukraine — The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the dark web. Last winter, he suddenly went dark entirely.

Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in Russian hacking in the United States. American intelligence agencies have determined Russian hackers were behind the electronic break-in of the Democratic National Committee.

But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.

“I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.”

It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the election hacking and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested.

There is no evidence that Profexer worked, at least knowingly, for Russia’s intelligence services, but his malware apparently did.

That a hacking operation that Washington is convinced was orchestrated by Moscow would obtain malware from a source in Ukraine — perhaps the Kremlin’s most bitter enemy — sheds considerable light on the Russian security services’ modus operandi in what Western intelligence agencies say is their clandestine cyberwar against the United States and Europe.

It does not suggest a compact team of government employees who write all their own code and carry out attacks during office hours in Moscow or St. Petersburg, but rather a far looser enterprise that draws on talent and hacking tools wherever they can be found.

Also emerging from Ukraine is a sharper picture of what the United States believes is a Russian government hacking group known as Advanced Persistent Threat 28 or Fancy Bear. It is this group, which American intelligence agencies believe is operated by Russian military intelligence, that has been blamed, along with a second Russian outfit known as Cozy Bear, for the D.N.C. intrusion.

Rather than training, arming and deploying hackers to carry out a specific mission like just another military unit, Fancy Bear and its twin Cozy Bear have operated more as centers for organization and financing; much of the hard work like coding is outsourced to private and often crime-tainted vendors.

Russia’s Testing Ground

In more than a decade of tracking suspected Russian-directed cyberattacks against a host of targets in the West and in former Soviet territories — NATO, electrical grids, research groups, journalists critical of Russia and political parties, to name a few — security services around the world have identified only a handful of people who are directly involved in either carrying out such attacks or providing the cyberweapons that were used.

This absence of reliable witnesses has left ample room for President Trump and others to raise doubts about whether Russia really was involved in the D.N.C. hack.

“There is not now and never has been a single piece of technical evidence produced that connects the malware used in the D.N.C. attack to the G.R.U., F.S.B. or any agency of the Russian government,” said Jeffrey Carr, the author of a book on cyberwarfare. The G.R.U. is Russia’s military intelligence agency, and the F.S.B. its federal security service.

United States intelligence agencies, however, have been unequivocal in pointing a finger at Russia.

…

Security experts were initially left scratching their heads when the Department of Homeland Security on Dec. 29 released technical evidence of Russian hacking that seemed to point not to Russia, but rather to Ukraine.

In this initial report, the department released only one sample of malware said to be an indicator of Russian state-sponsored hacking, though outside experts said a variety of malicious programs were used in Russian electoral hacking.

The sample pointed to a malware program, called the P.A.S. web shell, a hacking tool advertised on Russian-language dark web forums and used by cybercriminals throughout the former Soviet Union. The author, Profexer, is a well-regarded technical expert among hackers, spoken about with awe and respect in Kiev.

He had made it available to download, free, from a website that asked only for donations, ranging from $3 to $250. The real money was made by selling customized versions and by guiding his hacker clients in its effective use. It remains unclear how extensively he interacted with the Russian hacking team.

After the Department of Homeland Security identified his creation, he quickly shut down his website and posted on a closed forum for hackers, called Exploit, that “I’m not interested in excessive attention to me personally.”

Soon, a hint of panic appeared, and he posted a note saying that, six days on, he was still alive.

Another hacker, with the nickname Zloi Santa, or Bad Santa, suggested the Americans would certainly find him, and place him under arrest, perhaps during a layover at an airport.

“It could be, or it could not be, it depends only on politics,” Profexer responded. “If U.S. law enforcement wants to take me down, they will not wait for me in some country’s airport. Relations between our countries are so tight I would be arrested in my kitchen, at the first request.”

In fact, Serhiy Demediuk, chief of the Ukrainian Cyber Police, said in an interview that Profexer went to the authorities himself. As the cooperation began, Profexer went dark on hacker forums. He last posted online on Jan. 9. Mr. Demediuk said he had made the witness available to the F.B.I., which has posted a full-time cybersecurity expert in Kiev as one of four bureau agents stationed at the United States Embassy there. The F.B.I. declined to comment.

Profexer was not arrested because his activities fell in a legal gray zone, as an author but not a user of malware, the Ukrainian police say. But he did know the users, at least by their online handles. “He told us he didn’t create it to be used in the way it was,” Mr. Demediuk said.

A member of Ukraine’s Parliament with close ties to the security services, Anton Gerashchenko, said that the interaction was online or by phone and that the Ukrainian programmer had been paid to write customized malware without knowing its purpose, only later learning it was used in Russian hacking.

Mr. Gerashchenko described the author only in broad strokes, to protect his safety, as a young man from a provincial Ukrainian city. He confirmed that the author turned himself in to the police and was cooperating as a witness in the D.N.C. investigation. “He was a freelancer and now he is a valuable witness,” Mr. Gerashchenko said.

It is not clear whether the specific malware the programmer created was used to hack the D.N.C. servers, but it was identified in other Russian hacking efforts in the United States.

A Bear’s Lair

While it is not known what Profexer has told Ukrainian investigators and the F.B.I. about Russia’s hacking efforts, evidence emanating from Ukraine has again provided some of the clearest pictures yet about Fancy Bear, or Advanced Persistent Threat 28, which is run by the G.R.U.

Fancy Bear has been identified mostly by what it does, not by who does it. One of its recurring features has been the theft of emails and its close collaboration with the Russian state news media.

Tracking the bear to its lair, however, has so far proved impossible, not least because many experts believe that no such single place exists.

Even for a sophisticated tech company like Microsoft, singling out individuals in the digital miasma has proved just about impossible. To curtail the damage to clients’ operating systems, the company filed a complaint against Fancy Bear last year with the United States District Court for the Eastern District of Virginia but found itself boxing with shadows.

As Microsoft lawyers reported to the court, “because defendants used fake contact information, anonymous Bitcoin and prepaid credit cards and false identities, and sophisticated technical means to conceal their identities, when setting up and using the relevant internet domains, defendants’ true identities remain unknown.”

Nevertheless, Ukrainian officials, though wary of upsetting the Trump administration, have been quietly cooperating with American investigators to try to figure out who stands behind all the disguises.

Included in this sharing of information were copies of the server hard drives of Ukraine’s Central Election Commission, which were targeted during a presidential election in May 2014. That the F.B.I. had obtained evidence of this earlier, Russian-linked electoral hack has not been previously reported.

Traces of the same malicious code, this time a program called Sofacy, were seen in the 2014 attack in Ukraine and later in the D.N.C. intrusion in the United States.

Intriguingly, in the cyberattack during the Ukrainian election, what appears to have been a bungle by Channel 1, a Russian state television station, inadvertently implicated the government authorities in Moscow.

Hackers had loaded onto a Ukrainian election commission server a graphic mimicking the page for displaying results. This phony page showed a shocker of an outcome: an election win for a fiercely anti-Russian, ultraright candidate, Dmytro Yarosh. Mr. Yarosh in reality received less than 1 percent of the vote.

The false result would have played into a Russian propaganda narrative that Ukraine today is ruled by hard-right, even fascist, figures.

The fake image was programmed to display when polls closed, at 8 p.m., but a Ukrainian cybersecurity company, InfoSafe, discovered it just minutes earlier and unplugged the server.

State television in Russia nevertheless reported that Mr. Yarosh had won and broadcast the fake graphic, citing the election commission’s website, even though the image had never appeared there. The hacker had clearly provided Channel 1 with the same image in advance, but the reporters had failed to check that the hack actually worked.

“For me, this is an obvious link between the hackers and Russian officials,” said Victor Zhora, director of InfoSafe, the cybersecurity company that first found the fake graphic.

A Ukrainian government researcher who studied the hack, Nikolai Koval, published his findings in a 2015 book, “Cyberwar in Perspective,” and identified the Sofacy malware on the server.

The mirror of the hard drive went to the F.B.I., which had this forensic sample when the cybersecurity company CrowdStrike identified the same malware two years later, on the D.N.C. servers.

“It was the first strike,” Mr. Zhora said of the earlier hack of Ukraine’s electoral computers. Ukraine’s Cyber Police have also provided the F.B.I. with copies of server hard drives showing the possible origins of some phishing emails targeting the Democratic Party during the election.

In 2016, two years after the election hack in Ukraine, hackers using some of the same techniques plundered the email system of the World Anti-Doping Agency, or WADA, which had accused Russian athletes of systematic drug use.

That raid, too, seems to have been closely coordinated with Russian state television, which began airing well-prepared reports about WADA’s hacked emails just minutes after they were made public. The emails appeared on a website that announced that WADA had been hacked by a group calling itself the “Fancy Bears’ Hack Team.”

It was the first time Fancy Bear had broken cover.

Fancy Bear remains extraordinarily elusive, however. To throw investigators off its scent, the group has undergone various makeovers, restocking its arsenal of malware and sometimes hiding under different guises. One of its alter egos, cyberexperts believe, is Cyber Berkut, an outfit supposedly set up in Ukraine by supporters of the country’s pro-Russian president, Viktor F. Yanukovych, who was ousted in 2014.

After lying dormant for many months, Cyber Berkut jumped back into action this summer just as multiple investigations in Washington into whether the Trump campaign colluded with Moscow shifted into high gear. Cyber Berkut released stolen emails that it and Russian state news media said had exposed the real story: Hillary Clinton had colluded with Ukraine.

“Security experts were initially left scratching their heads when the Department of Homeland Security on Dec. 29 released technical evidence of Russian hacking that seemed to point not to Russia, but rather to Ukraine.”

Yep, when the DHS released its “Grizzly Steppe” report in late December the technical evidence curiously seemed to point not towards Russia but towards Ukraine. And the sample malware in that report happened to be the Profexer’s P.A.S. web shell tool, which so terrified that hacker, a revered hacker and author of popular freely available hacking tools, that he decided to turn himself in to Ukrainian authorities shortly afterwards:

…Security experts were initially left scratching their heads when the Department of Homeland Security on Dec. 29 released technical evidence of Russian hacking that seemed to point not to Russia, but rather to Ukraine.

In this initial report, the department released only one sample of malware said to be an indicator of Russian state-sponsored hacking, though outside experts said a variety of malicious programs were used in Russian electoral hacking.

The sample pointed to a malware program, called the P.A.S. web shell, a hacking tool advertised on Russian-language dark web forums and used by cybercriminals throughout the former Soviet Union. The author, Profexer, is a well-regarded technical expert among hackers, spoken about with awe and respect in Kiev.

He had made it available to download, free, from a website that asked only for donations, ranging from $3 to $250. The real money was made by selling customized versions and by guiding his hacker clients in its effective use. It remains unclear how extensively he interacted with the Russian hacking team.

After the Department of Homeland Security identified his creation, he quickly shut down his website and posted on a closed forum for hackers, called Exploit, that “I’m not interested in excessive attention to me personally.”
…

And according to the far-right Ukrainian MP, Anton Gerashchenko, the Profexer was indeed hired by these Russian government hackers to write customized malware. But the Profexer can’t actually identify them by anything other than their anonymous online handles and it’s unclear if that customized malware was actually used in the DNC hacks, although it’s apparently clear that the customized malware was used in other hacking efforts in the US:

…In fact, Serhiy Demediuk, chief of the Ukrainian Cyber Police, said in an interview that Profexer went to the authorities himself. As the cooperation began, Profexer went dark on hacker forums. He last posted online on Jan. 9. Mr. Demediuk said he had made the witness available to the F.B.I., which has posted a full-time cybersecurity expert in Kiev as one of four bureau agents stationed at the United States Embassy there. The F.B.I. declined to comment.

Profexer was not arrested because his activities fell in a legal gray zone, as an author but not a user of malware, the Ukrainian police say. But he did know the users, at least by their online handles. “He told us he didn’t create it to be used in the way it was,” Mr. Demediuk said.

A member of Ukraine’s Parliament with close ties to the security services, Anton Gerashchenko, said that the interaction was online or by phone and that the Ukrainian programmer had been paid to write customized malware without knowing its purpose, only later learning it was used in Russian hacking.

Mr. Gerashchenko described the author only in broad strokes, to protect his safety, as a young man from a provincial Ukrainian city. He confirmed that the author turned himself in to the police and was cooperating as a witness in the D.N.C. investigation. “He was a freelancer and now he is a valuable witness,” Mr. Gerashchenko said.

It is not clear whether the specific malware the programmer created was used to hack the D.N.C. servers, but it was identified in other Russian hacking efforts in the United States.
…

“It is not clear whether the specific malware the programmer created was used to hack the D.N.C. servers, but it was identified in other Russian hacking efforts in the United States.”

So unless there’s a lot more information yet to come along this line of inquiry, it’s looking like the primary criminal activity that the Profexer witnessed was his own quasi-crime of creating customized malware for an anonymous group that may or may not have been used in the DNC hacks. Based on this compelling evidence it appears we can narrow the culprits down to…pretty much any hacker. Huzzah!

Exclusive: By orchestrating the 2014 “regime change” in Ukraine, U.S. neocons may have indirectly contributed to a desperate Ukrainian factory selling advanced rocket engines to North Korea and endangering America, writes Robert Parry.

By Robert Parry
August 15, 2017

U.S. intelligence analysts reportedly have traced North Korea’s leap forward in creating an intercontinental ballistic missile capable of striking U.S. territory to a decaying Ukrainian rocket-engine factory whose alleged role could lift the cover off other suppressed mysteries related to the U.S.-backed coup in Kiev.

Because the 2014 coup – overthrowing elected President Viktor Yanukovych – was partly orchestrated by the U.S. government’s influential neoconservatives and warmly embraced by the West’s mainstream media, many of the ugly features of the Kiev regime have been downplayed or ignored, including the fact that corrupt oligarch Igor Kolomoisky was put in charge of the area where the implicated factory was located.

As the region’s governor, the thuggish Kolomoisky founded armed militias of Ukrainian extremists, including neo-Nazis, who spearheaded the violence against ethnic Russians in eastern provinces, which had voted heavily for Yanukovych and tried to resist his violent overthrow.

Kolomoisky, who has triple citizenship from Ukraine, Cyprus and Israel, was eventually ousted as governor of Dnipropetrovsk (now called Dnipro) on March 25, 2015, after a showdown with Ukraine’s current President Petro Poroshenko over control of the state-owned energy company, but by then Kolomoisky’s team had put its corrupt mark on the region.

At the time of the Kolomoisky-Poroshenko showdown, Valentyn Nalyvaychenko, chief of the State Security Service, accused Dnipropetrovsk officials of financing armed gangs and threatening investigators, Bloomberg News reported, while noting that Ukraine had sunk to 142nd place out of 175 countries in Transparency International’s Corruption Perceptions Index, the worst in Europe.

Even earlier in Kolomoisky’s brutal reign, Dnipropetrovsk had become the center for the violent intrigue that has plagued Ukraine for the past several years, including the dispatch of neo-Nazi militias to kill ethnic Russians who then turned to Russia for support.

Tolerating Nazis

Yet, protected by the waves of anti-Russian propaganda sweeping across the West, Kolomoisky’s crowd saw few reasons for restraint. So, among the Kolomoisky-backed militias was the Azov battalion whose members marched with Swastikas and other Nazi insignias.

Ironically, the same Western media which heartily has condemned neo-Nazi and white-nationalist violence in Charlottesville, Virginia, adopted a much more tolerant attitude toward Ukraine’s neo-Nazism even as those militants murdered scores of ethnic Russians in Odessa in May 2014 and attacked ethnic Russian communities in the east where thousands more died.

When it came to Ukraine, The New York Times and other mainstream outlets were so dedicated to their anti-Russian propaganda that they veered between minimizing the significance of the neo-Nazi militias and treating them as bulwarks of Western civilization.

For instance, on Feb. 11, 2015, the Times published a long article by Rick Lyman that presented the situation in the port city of Mariupol as if the advance by ethnic Russian rebels amounted to the arrival of barbarians at the gate while the inhabitants were being bravely defended by the forces of civilization. But then the article cited the key role in that defense played by the Azov battalion.

Though the article provided much color and detail and quoted an Azov leader prominently, it left out the fact that the Azov battalion was composed of neo-Nazis.

This inconvenient truth that neo-Nazis were central to Ukraine’s “self-defense forces” would have disrupted the desired propaganda message about “Russian aggression.” After all, wouldn’t many Americans and Europeans understand why Russia, which suffered some 27 million dead in World War II, might be sensitive to neo-Nazis killing ethnic Russians on Russia’s border?

So, in Lyman’s article, the Times ignored Azov’s well-known neo-Nazism and referred to it simply as a “volunteer unit.”

In other cases, the Times casually brushed past the key role of fascist militants. In July 2015, the Times published a curiously upbeat story about the good news that Islamic militants had joined with far-right and neo-Nazi battalions to kill ethnic Russian rebels.

The article by Andrew E. Kramer reported that there were three Islamic battalions “deployed to the hottest zones,” such as around Mariupol. One of the battalions was headed by a former Chechen warlord who went by the name “Muslim,” Kramer wrote, adding:

“The Chechen commands the Sheikh Mansur group, named for an 18th-century Chechen resistance figure. It is subordinate to the nationalist Right Sector, a Ukrainian militia. Right Sector formed during last year’s street protests in Kiev from a half-dozen fringe Ukrainian nationalist groups like White Hammer and the Trident of Stepan Bandera.

“Another, the Azov group, is openly neo-Nazi, using the ‘Wolf’s Hook’ symbol associated with the [Nazi] SS. Without addressing the issue of the Nazi symbol, the Chechen said he got along well with the nationalists because, like him, they loved their homeland and hated the Russians.”

Rockets for North Korea

The Times encountered another discomforting reality on Monday when correspondents William J. Broad and David E. Sanger described U.S. intelligence assessments pointing to North Korea’s likely source of its new and more powerful rocket engines as a Ukrainian factory in Dnipro.

Of course, the Times bent over backward to suggest that the blame might still fall on Russia even though Dnipro is a stronghold of some of Ukraine’s most militantly anti-Russian politicians and although U.S. intelligence analysts have centered their suspicions on a Ukrainian-government-owned factory there, known as Yuzhmash.

So, it would seem clear that corrupt Ukrainian officials, possibly in cahoots with financially pressed executives or employees of Yuzhmash, are the likeliest suspects in the smuggling of these rocket engines to North Korea.

Even the Times couldn’t dodge that reality, saying: “Government investigators and experts have focused their inquiries on a missile factory in Dnipro, Ukraine.” But the Times added that Dnipro is “on the edge of the territory where Russia is fighting a low-level war to break off part of Ukraine” – to suggest that the Russians somehow might have snuck into the factory, stolen the engines and smuggled them to North Korea.

But the Times also cited the view of missile expert Michael Elleman, who addressed North Korea’s sudden access to more powerful engines in a study issued this week by the International Institute for Strategic Studies.

“It’s likely that these engines came from Ukraine — probably illicitly,” Elleman said in an interview with the Times. “The big question is how many they have and whether the Ukrainians are helping them now. I’m very worried.”

Yet, always looking for a chance to shift the blame to Russia, the Times quickly inserted that “Mr. Elleman was unable to rule out the possibility that a large Russian missile enterprise, Energomash, which has strong ties to the Ukrainian complex, had a role in the transfer of the RD-250 engine technology to North Korea.”

…

Yet, while the Ukraine crisis may have reduced living standards for average Ukrainians, it was an important catalyst in the creation of the New Cold War between Washington and Moscow, which offers lucrative opportunities for U.S. military contractors and their many think-tank apologists despite increasing the risk of nuclear war for the rest of us.

In particular, U.S. neoconservatives have viewed heightened tensions between the West and Russia as valuable both in driving up military spending and laying the groundwork for a possible “regime change” in Moscow. The neocons have wanted to retaliate against Russian President Vladimir Putin’s role in frustrating neocon (and Israeli-Saudi) desires to overthrow Syrian President Bashar al-Assad and to bomb Iran, which Israel and Saudi Arabia now view as their principal regional adversary.

Kolomoisky’s operation in Dnipro also has come under suspicion for a possible role in the shoot-down of Malaysia Airlines Flight 17 on July 17, 2014. According to a source briefed by U.S. intelligence analysts, Dnipro was the center of a plot to use a powerful anti-aircraft missile to shoot down Putin’s official plane on a return flight from South America, but instead – after Putin’s plane took a more northerly route – the missile brought down MH-17, killing all 298 people aboard.

For reasons that have still not been explained, the Obama administration suppressed U.S. intelligence reports on the MH-17 tragedy and instead joined in pinning the shoot-down on ethnic Russian rebels and, by implication, Putin and his government.

In the West, the MH-17 shoot-down became a cause celebre, generating a powerful propaganda campaign to demonize Putin and Russia – and push Europe into joining sanctions against Moscow. Few people dared question Russia’s alleged guilt even though the Russia-did-it arguments were full of holes. [See here and here.]

Now this North Korean case forces the issue of Ukraine’s reckless behavior to the fore again: Did an inept or corrupt Ukrainian bureaucracy participate in or tolerate a scheme to sell powerful rocket engines to North Korea and enable a nuclear threat to U.S. territory?

In response to the reports of possible Ukrainian collusion in North Korea’s missile program, Oleksandr Turchynov, secretary of the Ukrainian national security and defense council, issued a bizarre denial suggesting that The New York Times and U.S. intelligence agencies were pawns of Russia.

“This information [about North Korea possibly obtaining rocket engines from Ukraine] is not based on any grounds, provocative by its content, and most likely provoked by Russian secret services to cover their own crimes,” Turchynov said.

Press reports about Turchynov’s statement left out two salient facts: that as the interim President following the February 2014 coup, Turchynov ordered Right Sektor militants to begin the bloody siege of rebel-held Sloviansk, a key escalation in the conflict, and that Turchynov was the one who appointed Kolomoisky to be the ruler of Dnipropetrovsk.

“Because the 2014 coup – overthrowing elected President Viktor Yanukovych – was partly orchestrated by the U.S. government’s influential neoconservatives and warmly embraced by the West’s mainstream media, many of the ugly features of the Kiev regime have been downplayed or ignored, including the fact that corrupt oligarch Igor Kolomoisky was put in charge of the area where the implicated factory was located.”

Yep, a crazy billionaire with deep ties to the neo-Nazi militias was the governor of the region where the missile technology appears to have disappeared. So it will be interesting to learn when exactly that technology transfer took place. But even if it happened after Kolomoisky stepped down as governor in 2015, it’s still going to be his network running the place:

…As the region’s governor, the thuggish Kolomoisky founded armed militias of Ukrainian extremists, including neo-Nazis, who spearheaded the violence against ethnic Russians in eastern provinces, which had voted heavily for Yanukovych and tried to resist his violent overthrow.

Kolomoisky, who has triple citizenship from Ukraine, Cyprus and Israel, was eventually ousted as governor of Dnipropetrovsk (now called Dnipro) on March 25, 2015, after a showdown with Ukraine’s current President Petro Poroshenko over control of the state-owned energy company, but by then Kolomoisky’s team had put its corrupt mark on the region.
…

The New York Times this week published a fascinating story about a young programmer in Ukraine who’d turned himself in to the local police. The Times says the man did so after one of his software tools was identified by the U.S. government as part of the arsenal used by Russian hackers suspected of hacking into the Democratic National Committee (DNC) last year. It’s a good read, as long as you can ignore that the premise of the piece is completely wrong.

“Profexer’s posts, already accessible to only a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in Russian hacking in the United States. American intelligence agencies have determined Russian hackers were behind the electronic break-in of the Democratic National Committee.”

The Times’ reasoning for focusing on the travails of Mr. Profexer comes from the “GRIZZLYSTEPPE” report, a collection of technical indicators or attack “signatures” published in December 2016 by the U.S. government that companies can use to determine whether their networks may be compromised by a number of different Russian cybercrime groups.

The only trouble is nothing in the GRIZZLYSTEPPE report said which of those technical indicators were found in the DNC hack. In fact, Profexer’s “P.A.S. Web shell” tool — a program designed to insert a digital backdoor that lets attackers control a hacked Web site remotely — was specifically not among the hacking tools found in the DNC break-in.

That’s according to Crowdstrike, the company called in to examine the DNC’s servers following the intrusion. In a statement released to KrebsOnSecurity, Crowdstrike said it published the list of malware that it found was used in the DNC hack, and that the Web shell named in the New York Times story was not on that list.

Robert M. Lee is founder of the industrial cybersecurity firm Dragos, Inc. and an expert on the challenges associated with attribution in cybercrime. In a post on his personal blog, Lee challenged The Times on its conclusions.

“The GRIZZLYSTEPPE report has nothing to do with the DNC breach though and was a collection of technical indicators the government compiled from multiple agencies all working different Russian related threat groups,” Lee wrote.

“The threat group that compromised the DNC was Russian but not all Russian groups broke into the DNC,” he continued. “The GRIZZLYSTEPPE report was also highly criticized for its lack of accuracy and lack of a clear message and purpose. I covered it here on my blog but that was also picked up by numerous journalists and covered elsewhere [link added]. In other words, there’s no excuse for not knowing how widely criticized the GRIZZLYSTEPPE report was before citing it as good evidence in a NYT piece.”

Perhaps in response to Lee’s blog post, The Times issued a correction to the story, re-writing the above-quoted and indented paragraph to read:

“It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the election hacking and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested.”

[Side note: Profexer may well have been doxed by this publication just weeks after the GRIZZLYSTEPPE report was released.]

This would not be the first time the GRIZZLYSTEPPE report provided fodder for some too-hasty hacking conclusions by a major newspaper. On December 31 2016, The Washington Post published a breathless story reporting that an electric utility in Vermont had been compromised by Russian hackers who had penetrated the U.S. electric grid.

The Post cited unnamed “U.S. officials” saying the Vermont utility had found a threat signature from the GRIZZLYSTEPPE report inside its networks. Not long after the story ran, the utility in question said it detected the malware signature in a single laptop that was not connected to the grid, and the Post was forced to significantly walk back its story.

Matt Tait, a senior fellow at the Robert Strauss Center for International Security and Law at UT Austin, said indicators of compromise or IOCs like those listed in the GRIZZLYSTEPPE report have limited value in attributing who may be responsible for an online attack.

“It’s a classic problem that these IOCs indicate you may be compromised, but they’re not very good for attribution,” Tait said. “The Grizzly Steppe report is a massive file of signatures, and loads of people have run those, found various things on their network, and then assumed it’s all related to the DNC hack. But there’s absolutely no tie between the DNC hack that in any way involved this P.A.S. Web shell.”

“The only trouble is nothing in the GRIZZLYSTEPPE report said which of those technical indicators were found in the DNC hack. In fact, Profexer’s “P.A.S. Web shell” tool — a program designed to insert a digital backdoor that lets attackers control a hacked Web site remotely — was specifically not among the hacking tools found in the DNC break-in.”

And it’s not Krebs independently making the assertion that the Profexer’s P.A.S. web shell tool wasn’t actually used in the DNC break-in. Crowdstrike, the only firm to actually examine the DNC’s servers, released its own list of malware and P.A.S. web shell was not on that list:

…
That’s according to Crowdstrike, the company called in to examine the DNC’s servers following the intrusion. In a statement released to KrebsOnSecurity, Crowdstrike said it published the list of malware that it found was used in the DNC hack, and that the Web shell named in the New York Times story was not on that list.
…

So unless there’s a bunch of stuff we aren’t being told, it appears that the Ukrainian hacker who became an FBI “witness” has pretty much nothing to do with the hack other than being a hacker.

And note this interesting observation: The Profexer was identified back in January, shortly after the Grizzly Steppe report:

…
[Side note: Profexer may well have been doxed by this publication just weeks after the GRIZZLYSTEPPE report was released.]
…

1) U.S. Department of Homeland Security claims that the DNC was hacked by Russian intelligence services using a Russian malware tool they have named Grizzly Steppe or “PAS tool PHP web kit”. They have published a YARA signature file that allows anyone to identify it.

4) pro-os.ru is offline with the domain registration expired, but Internet Archive has copies from April and May 2015. The photo on the page indicates that they are experts in “deadly” computer viruses.

The contacts given on the pro-os.ru site link to the VK account of Roman Alexeev and the email address roman@pro-os.ru. The VK account has been suspended because of “suspicious activity”. (You need to be logged in to VK to see the “Author” of the application.)

5) “Roman Alexeev” advertises his skills and services as a web developer, linking to his VK account but also giving a skype account (ya.aalexeev) and an email address (mcmugok@yandex.ru). http://verni.com.ua/feedback/

7) The profile photo on Freelancehunt actually belongs to Jaroslav Volodimirovich Panchenko (Панченко Ярослав Володимирович), an information technology student and member of the student self-government structure of the Poltava National Technical University.

“The profile photo on Freelancehunt actually belongs to Jaroslav Volodimirovich Panchenko (Панченко Ярослав Володимирович), an information technology student and member of the student self-government structure of the Poltava National Technical University.”

So if Jaroslav Panchenko is indeed the “Profexer” you can understand why he might be somewhat concerned about being outed, which raises the question of whether or not the publication of this Off-Guardian article on January 9th had anything to do with his decision to turn himself in to Ukrainian authorities. Note the New York Times report about the Profexer states that he “went dark” on the hacker forums in early January, with his last post online on January 9th. It’s quite a coincidence. Still, if even the P.A.S. web shell tool he wrote wasn’t used in the DNC hacks it’s unclear what concerns the Profexer should have at all over potential legal liability over his role in the DNC hacks since it doesn’t look like he actually played a role in those hacks, even indirectly. And that’s the lone “flesh and blood” witness thus far.

Here’s the latest story about hackers, who we are told with an inexplicably high degree of certainty are Russian government hackers, hacking into US and European electrical grids. But in this case it sounds like the hackers actually have the capacity to shut down at least some power grid operations and even trigger blackouts. The hacking group has been named Dragonfly 2.0, Energetic Bear, Iron Liberty, and Koala, by the various companies like Crowdstrike and FireEye that have been tracking it since 2010.

(This, of course, assumes there is a single hacking group behind all these attacks and not simply multiple operators utilizing similar code and methods, which is a big assumption.)

Also, Symantec, the company that released the latest report on “Dragonfly 2.0”, emphasized that it did not have the necessary evidence to attribute these hacks to the Russian government. Crowdstrike and FireEye, on the other hand, have already made that attribution for the group based on previous hacks.

So we now have reports about one or more hacking groups that have successfully hacked into the US and European electrical grids, obtaining operational control and the ability to trigger blackouts at will in some instances. And it’s already been concluded that Russia did it:

Wired

Hackers Gain ‘Switch-Flipping’ Access to US Power Grid Control Systems

Andy Greenberg
09.06.17 06:00 am

In an era of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility’s network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will.

Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks. And at a handful of US power firms and at least one company in Turkey—none of which Symantec will name—their forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.

“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation,” says Eric Chien, a Symantec security analyst. “We’re now talking about on-the-ground technical evidence this could happen in the US, and there’s nothing left standing in the way except the motivation of some actor out in the world.”

Never before have hackers been shown to have that level of control of American power company systems, Chien notes. The only comparable situations, he says, have been the repeated hacker attacks on the Ukrainian grid that twice caused power outages in the country in late 2015 and 2016, the first known hacker-induced blackouts.

The Usual Suspects

Security firms like FireEye and Dragos have pinned those Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia. But Symantec stopped short of blaming the more recent attacks on any country or even trying to explain the hackers’ motives. Chien says the company has found no connections between Sandworm and the intrusions it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at US power companies—including a Kansas nuclear facility—known as Palmetto Fusion, which unnamed officials revealed in July and later tied to Russia.

Chien does note, however, that the timing and public descriptions of the Palmetto Fusion hacking campaigns match up with its Dragonfly findings. “It’s highly unlikely this is just coincidental,” Chien says. But he adds that while the Palmetto Fusion intrusions included a breach of a nuclear power plant, the most serious DragonFly intrusions Symantec tracked penetrated only non-nuclear energy companies, which have less strict separations of their internet-connected IT networks and operational controls.

As Symantec’s report on the new intrusions details, the company has tracked the Dragonfly 2.0 attacks back to at least December of 2015, but found that they ramped up significantly in the first half of 2017, particularly in the US, Turkey, and Switzerland. Its analysis of those breaches found that they began with spearphishing emails that tricked victims into opening a malicious attachment—the earliest they found was a fake invitation to a New Year’s Eve party—or so-called watering hole attacks that compromise a website commonly visited by targets to hack victims’ computers.

Those attacks were designed to harvest credentials from victims and gain remote access to their machines. And in the most successful of those cases, including several instances in the US and one in Turkey, the attackers penetrated deep enough to screenshot the actual control panels for their targets’ grid operations—what Symantec believes was a final step in positioning themselves to sabotage those systems at will. “That’s exactly what you’d do if you were to attempt sabotage,” he says. “You’d take these sorts of screenshots to understand what you had to do next, like literally which switch to flip.”

And if those hackers did gain the ability to cause a blackout in the US, why did they stop short? Chien reasons that they may have been seeking the option to cause an electric disruption but waiting for an opportunity that would be most strategically useful—say, if an armed conflict broke out, or potentially to issue a well-timed threat that would deter the US from using its own hacking capabilities against another foreign nation’s critical infrastructure. “If these attacks are from a nation state,” Chien says, “one would expect sabotage only in relation to a political event.”

The Ukrainian Precedent

Not every group of hackers has shown that kind of restraint. Hackers now believed to be the Russian group Sandworm used exactly the sort of access to electricity control interfaces that Symantec describes Dragonfly having to shut off the power to a quarter million Ukrainians in December 2015. In one case they took over the remote help desk tool of a Ukrainian energy utility to hijack engineers’ mouse controls and manually clicked through dozens of circuit breakers, turning off the power to tens of thousands of people as the engineers watched helplessly.

Operations like that one and a more automated blackout attack a year later have made Russia the first suspect in any grid-hacking incident. But Symantec notes that the hackers mostly used freely available tools and existing vulnerabilities in software rather than previously unknown weaknesses, making any attribution more difficult. They found some Russian-language strings of code in the malware used in the intrusions, but also some hints of French. They note that either language could be a “false flag” meant to throw off investigators.

In naming the hacking campaign Dragonfly, however, Symantec does tie it to an earlier, widely analyzed set of intrusions also aimed at the US and European energy sectors, which stretched from as early as 2010 to 2014. The hackers behind that series of attacks, called Dragonfly by Symantec but also known by the names Energetic Bear, Iron Liberty, and Koala, shared many of the same characteristics as the more recent Dragonfly 2.0 attacks, Symantec says, including infection methods, two pieces of malware used in the intrusions, and energy sector victims. And both the security firm Crowdstrike and the US government have linked those earlier Dragonfly attacks with the Kremlin—a report published by the Department of Homeland Security and the FBI last December included the group on its list of known Russian-government hacking operations.

Symantec says it has assisted the power companies that experienced the deepest penetrations, helping them eject the hackers from their networks. The firm also sent warnings to more than a hundred companies about the Dragonfly 2.0 hackers, as well as to the Department of Homeland Security and the North American Electric Reliability Corporation, which is responsible for the stability of the US power grid. NERC didn’t immediately answer WIRED’s request for comment on Symantec’s findings, but DHS spokesperson Scott McConnell wrote in a statement that “DHS is aware of the report and is reviewing it,” and “at this time there is no indication of a threat to public safety.”

…

The Dragonfly hackers remain active even today, Chien warns, and electric utilities should be on high alert. Given that the group has, in some form, been probing and penetrating energy utility targets for the past seven years, don’t expect them to stop now.

“Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks. And at a handful of US power firms and at least one company in Turkey—none of which Symantec will name—their forensic analysis found that the hackers obtained what they call operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of electricity into US homes and businesses.”

So if these reports are correct, not only have one or more hacking groups identified as “Dragonfly 2.0” already given themselves the ability to trigger blackouts with the ‘flip of a switch’ but Russia has already been preemptively blamed too. Even though Symantec emphasizes that it has no proof of any particular state being behind the hacks. Symantec also notes that the hackers appear to be using freely available tools and existing vulnerabilities in software rather than previously unknown weaknesses and saw nothing to tie these hacks to the hacks of the Ukrainian electrical grid attributed to the “Sandworm” hacking group (which is also attributed to the Russian government). But Symantec did see signs of both Russian and French language in the malware, which they warned could obviously be a false flag intended to confuse attribution:

…
Never before have hackers been shown to have that level of control of American power company systems, Chien notes. The only comparable situations, he says, have been the repeated hacker attacks on the Ukrainian grid that twice caused power outages in the country in late 2015 and 2016, the first known hacker-induced blackouts.

The Usual Suspects

Security firms like FireEye and Dragos have pinned those Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia. But Symantec stopped short of blaming the more recent attacks on any country or even trying to explain the hackers’ motives. Chien says the company has found no connections between Sandworm and the intrusions it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at US power companies—including a Kansas nuclear facility—known as Palmetto Fusion, which unnamed officials revealed in July and later tied to Russia.

…

And if those hackers did gain the ability to cause a blackout in the US, why did they stop short? Chien reasons that they may have been seeking the option to cause an electric disruption but waiting for an opportunity that would be most strategically useful—say, if an armed conflict broke out, or potentially to issue a well-timed threat that would deter the US from using its own hacking capabilities against another foreign nation’s critical infrastructure. “If these attacks are from a nation state,” Chien says, “one would expect sabotage only in relation to a political event.”

The Ukrainian Precedent

Not every group of hackers has shown that kind of restraint. Hackers now believed to be the Russian group Sandworm used exactly the sort of access to electricity control interfaces that Symantec describes Dragonfly having to shut off the power to a quarter million Ukrainians in December 2015. In one case they took over the remote help desk tool of a Ukrainian energy utility to hijack engineers’ mouse controls and manually clicked through dozens of circuit breakers, turning off the power to tens of thousands of people as the engineers watched helplessly.

Operations like that one and a more automated blackout attack a year later have made Russia the first suspect in any grid-hacking incident. But Symantec notes that the hackers mostly used freely available tools and existing vulnerabilities in software rather than previously unknown weaknesses, making any attribution more difficult. They found some Russian-language strings of code in the malware used in the intrusions, but also some hints of French. They note that either language could be a “false flag” meant to throw off investigators.
…

But while Symantec can’t tie the current hacks to the Ukrainian “Sandworm” hack, it does appear to share a number of characteristics with an earlier set of hacks attributed to Dragonfly 2.0 from 2010-2014. And, of course, Crowdstrike and the US government already attributed those earlier attacks to the Russian government, which was included in the DHS’s “Grizzly Steppe” report about the 2016 DNC hacks:

…
In naming the hacking campaign Dragonfly, however, Symantec does tie it to an earlier, widely analyzed set of intrusions also aimed at the US and European energy sectors, which stretched from as early as 2010 to 2014. The hackers behind that series of attacks, called Dragonfly by Symantec but also known by the names Energetic Bear, Iron Liberty, and Koala, shared many of the same characteristics as the more recent Dragonfly 2.0 attacks, Symantec says, including infection methods, two pieces of malware used in the intrusions, and energy sector victims. And both the security firm Crowdstrike and the US government have linked those earlier Dragonfly attacks with the Kremlin—a report published by the Department of Homeland Security and the FBI last December included the group on its list of known Russian-government hacking operations.
…

SAN FRANCISCO — Russian hackers have been systematically targeting hundreds of Western oil and gas companies, as well as energy investment firms, according to private cybersecurity researchers.

The motive behind the attacks appears to be industrial espionage — a natural conclusion given the importance of Russia’s oil and gas industry, the researchers said.

The manner in which the Russian hackers are targeting the companies also gives them the opportunity to seize control of industrial control systems from afar, in much the same way the United States and Israel were able to use the Stuxnet computer worm in 2009 to take control of an Iranian nuclear facility’s computer systems and destroy a fifth of the country’s uranium supply, the researchers said.

The Russian attacks, which have affected over 1,000 organizations in more than 84 countries, were first discovered in August 2012 by researchers at CrowdStrike, a security company in Irvine, Calif. The company noticed an unusually sophisticated and aggressive Russian group targeting the energy sector, in addition to health care, governments and defense contractors.

The group was named “Energetic Bear” because the vast majority of its victims were oil and gas companies. And CrowdStrike’s researchers believed the hackers were backed by the Russian government given their apparent resources and sophistication and because the attacks occurred during Moscow working hours.

A report released Monday by Symantec, a computer security company based in Mountain View, Calif., detailed similar conclusions and added a new element — the Stuxnet-like remote control capability.

In addition to basic hacking techniques, like sending mass emails containing malicious links or attachments, the group infected websites frequented by energy workers and investors in what is known as a “watering hole attack.”

In this attack, instead of targeting a victim’s computer network directly, hackers infect websites their targets visit often — like an online menu for a Chinese restaurant — with malicious software. Without knowing it, workers visiting that site inadvertently download the so-called malware and help the hackers get inside their computer network.

The Russian hackers were careful to cover their tracks, the researchers said. They hid their malware using encryption techniques that made it difficult to identify their tools and where they came from. In some cases, researchers found evidence that the hackers were probing the core of victims’ machines, the part of the computer known as the BIOS, or basic input/output system. Unlike software, which can be patched and updated, once a computer’s hardware gets infected, it typically becomes unusable.

F-Secure, the Finnish security firm, also told its clients last week about the Russian hacking group, which Symantec has named “Dragonfly.”

“The Russian attacks, which have affected over 1,000 organizations in more than 84 countries, were first discovered in August 2012 by researchers at CrowdStrike, a security company in Irvine, Calif. The company noticed an unusually sophisticated and aggressive Russian group targeting the energy sector, in addition to health care, governments and defense contractors.”

And what made Crowdstrike so sure it was looking at a Russian government hacking operation: resources, sophistication, and Moscow working hours:

…
The group was named “Energetic Bear” because the vast majority of its victims were oil and gas companies. And CrowdStrike’s researchers believed the hackers were backed by the Russian government given their apparent resources and sophistication and because the attacks occurred during Moscow working hours.
…

That’s some really compelling evidence, if you ignore how many hacking operations around the world are going to have plenty of resources and the fact that doing all the attacks during Moscow working hours isn’t exactly a sign of sophistication.

Let’s also not forget that it was “Moscow working hours” that was originally used by FireEye to attribute APT28/Fancy Bear to the Russian government back in 2014 too. And it wasn’t that the working hours detail was just a small part of their analysis. The targets (Russia’s targets tend not to be exclusively Russian targets), the malware used (malware is reusable by other hackers unless there are unknown exploits), the language (i.e. leaving Russian language words and Cyrillic characters in the malware code, which is highly spoofable), and the Moscow working hour compile times (again, also highly spoofable) were the major reasons for their conclusion that Fancy Bear was working for the Russian government:

SCMagazine.com

FireEye identifies cyber espionage group possibly tied to Russian government

by Adam Greenberg, Senior Reporter
October 28, 2014

The country of Georgia and the Caucasus, Eastern European governments and militaries, and various security-related organizations including the North Atlantic Treaty Organization (NATO) have been the targets of a cyber espionage group – referred to as APT28 – that is believed to be Russian, according to FireEye.

Analyzed malware samples feature a consistent use of the Russian language, according to a FireEye report released Tuesday, which adds that more than 96 percent of malware samples were compiled between Monday and Friday and more than 89 percent were compiled between 8AM and 6PM in the time zone paralleling working hours in Moscow and St. Petersburg.

APT28 is believed to have been operating since at least 2007, and its targeting, malware, language, and working hours have led FireEye to believe that the group is sponsored by the Russian government, Dan McWhorter, VP of threat intelligence with FireEye, told SCMagazine.com in a Tuesday email correspondence.

“APT28 is believed to have been operating since at least 2007, and its targeting, malware, language, and working hours have led FireEye to believe that the group is sponsored by the Russian government, Dan McWhorter, VP of threat intelligence with FireEye, told SCMagazine.com in a Tuesday email correspondence.”

And that same type of questionably conclusive analysis used to attribute Fancy Bear/APT28 to the Russian government appears to have been used for the “Energetic Bear”/Dragonfly Russian government attribution too. And because the current attacks on electrical grid systems have some similarities to those hacks that were questionably attributed to the Russian government back in 2014, we now are apparently supposed to conclude that “Dragonfly 2.0” is also working for the Russian government. A daisy-chain of questionable assumptions.
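The working-hours statistic quoted above rests on the compile timestamp stored in each Windows executable's header. The following is an added example, not code from FireEye or from this page: it reads that field from PE header bytes and computes the weekday 8AM-6PM share for every candidate UTC offset. The function names, the 0.89 threshold (taken from the quoted "89 percent") and the sample timestamps are assumptions constructed for illustration.

```python
from __future__ import annotations

import struct
from datetime import datetime, timedelta, timezone


def build_pe_stub(timestamp: int) -> bytes:
    """Constructed sample: DOS header, PE signature and 20-byte COFF header only."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: offset of the PE signature
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 0, timestamp, 0, 0, 0, 0x0102)
    return bytes(dos) + b"PE\x00\x00" + coff


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp as an aware UTC datetime."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    # The field is a plain 32-bit integer written by the build toolchain.
    # The file format does not tie it to a real clock, so it is evidence
    # of what the header says, not of when or where the build happened.
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def working_hours_share(times, utc_offset_hours, start=8, end=18):
    """Fraction of timestamps falling Mon-Fri, start <= hour < end, at an offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hits = 0
    for t in times:
        local = t.astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(times)


def compatible_offsets(times, threshold):
    """Every whole-hour UTC offset whose working-hours share meets the threshold."""
    return [off for off in range(-12, 15)
            if working_hours_share(times, off) >= threshold]


def constructed_samples():
    """32 constructed header stubs: 30 weekday builds plus 2 off-hours outliers."""
    monday = datetime(2014, 3, 3, tzinfo=timezone.utc)
    stamps = []
    for day in range(14):
        d = monday + timedelta(days=day)
        if d.weekday() < 5:
            for hour_utc in (6, 8, 11):
                stamps.append(d + timedelta(hours=hour_utc))
    stamps.append(datetime(2014, 3, 8, 20, tzinfo=timezone.utc))  # Saturday
    stamps.append(datetime(2014, 3, 4, 22, tzinfo=timezone.utc))  # late Tuesday
    return [build_pe_stub(int(s.timestamp())) for s in stamps]


if __name__ == "__main__":
    times = [pe_compile_time(sample) for sample in constructed_samples()]
    for off in range(0, 9):
        print(f"UTC{off:+d}: {working_hours_share(times, off):.1%}")
    print("offsets at or above 89%:", compatible_offsets(times, 0.89))
```

On this constructed set the same share is reached at five adjacent offsets, so the statistic narrows a band of time zones rather than naming one, and it does so only if the header values are taken at face value.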

So at this point the only thing we really know is that one or more groups have hacked into US and European electrical grids and if they cause a blackout it’s going to be immediately blamed on the Russian government and potentially cause a major international flashpoint. That’s pretty much all we know. Oh, and we also know that the hackers now know that whatever they do will be blamed on Russia. And that’s the kind of situation where we had better hope they really are Russian hackers. Because if there’s one advantage to the contemporary default position of “Russian hackers did it!” it’s that actual Russian government hackers might be less inclined to engage in a destructive hack, knowing they’ll get blamed whether there’s evidence or not. Of course, this also means that all non-Russian government hackers are going to be more inclined to engage in a destructive hack because, hey, why not spark a conflict between the US and Russia? For the lulz! And any other reasons a non-Russian hacker might have for wanting to foment conflict between two nuclear powers. It’s the downside of reflexively and preemptively blaming difficult/impossible to attribute cyberattacks on Russia: all non-Russian hackers are given the green light to proceed with gusto.

So, yeah, thanks to our “Russia did it!” default approach to these things we have to hope these really were Russian hackers that just hacked into the electrical grid. Because it could be worse than real Russian government hackers in that situation. A lot worse.

Additionally, Valentyn Nalyvaichenko, the former head of the Security Service of Ukraine and a political ally of Tymoshenko, claims he traveled to the US in December and January and delivered to the U.S. Department of Justice proof of “political corruption by (Ukraine’s) top officials.” And he apparently gave the same material to Artemenko in 2015. And while Nalyvaichenko says he doesn’t back Artemenko’s peace plan, he did admit to submitting a peace plan of his own to the US government.

And there were even more peace plans from Ukrainian politicians in 2017, including one by Viktor Pinchuk, a Ukrainian oligarch who is also a member of the anti-Russian Atlantic Council. So the notion that peace plan proposals were something only a zany pro-Kremlin obscure lawmaker would have engaged in is just not the case (especially since Artemenko doesn’t appear to actually be pro-Kremlin at all).

Andrey Artemenko said he wanted to be a peacemaker. But within a week of the New York Times revealing on Feb. 19 that the little-known Ukrainian parliamentarian had brought to Washington a plan to end Russia’s war against Ukraine, he faced widespread criticism in his homeland. He could even be charged with treason.

That’s because Artemenko’s plan was distinctly pro-Kremlin. The Radical Party lawmaker’s ideas included leasing Crimea to Russia for 50 years and the lifting of economic sanctions against Russia by the United States.

It didn’t take long for the blowback to arrive.

On Feb. 20, Radical Party leader Oleh Lyashko told journalists in parliament that Artemenko had been expelled from the party.

“He (Artemenko) has positioned himself as a ‘peacemaker’, so we expect that he will also give up being a lawmaker,” said Lyashko. “Let those who suggest leasing Crimea first give their apartments to robbers to rent.”

But Artemenko is not the only Ukrainian politician to reach out to the White House behind President Petro Poroshenko’s back.

Yulia Tymoshenko, the former prime minister and leader of Batkivshchyna Party, had a brief meeting with U.S. President Donald J. Trump before the National Prayer Breakfast in Washington on Feb. 3, during which Trump reportedly promised her that he would “not abandon Ukraine.”

And Valentyn Nalyvaichenko, the former head of the Security Service of Ukraine and a political ally of Tymoshenko, says he visited the U.S. in December and January.

Nalyvaichenko told the Kyiv Post he met there with former Republican Senator Jim DeMint, a Trump advisor and president of the Heritage Foundation, a conservative think tank, and Bob Corker, a Republican senator from Tennessee and Senate Foreign Relations Committee chairman.

Nalyvaichenko said he delivered to the U.S. Department of Justice proof of “political corruption by (Ukraine’s) top officials.” He said he also delivered to Ukraine’s Prosecutor General’s Office materials about alleged money laundering and the illegal use of offshore companies by Poroshenko’s business partner and lawmaker Ihor Kononenko.

Back in 2015, Nalyvaichenko gave the compromising materials on Poroshenko to Artemenko, which he claimed to also give to the U.S. authorities.

At the same time, Nalyvaichenko called Artemenko’s idea of leasing Crimea to Russia unacceptable, and said he had brought to the U.S. his own peace plan.

Many peacemakers

Artemenko, who stays in the Rada as an independent parliamentarian, told the Kyiv Post on Feb. 22 that he saw his plan as the only reasonable alternative to the failed Minsk peace process.

“Minsk doesn’t work – that’s obvious,” Artemenko said, adding that it was especially obvious after Russia said on Feb. 18 it recognized the “passports” issued by the Luhansk and Donetsk-based separatists who call the territories they occupy “republics.”

Artemenko is not the only one to suggest an alternative to Minsk. Since December, suggestions to abandon the failed Minsk peace deal have also been made by oligarch Victor Pinchuk, businessman and former governor of Donetsk Oblast Serhiy Taruta, Vadym Chernysh, the minister for the temporarily occupied territories, and Andriy Yermolayev, the head of Nova Ukraina think tank, which is close to Serhiy Lyovochkin, a top lawmaker from the Opposition Bloc and ex-president Viktor Yanukovych’s former chief of staff.

Like Pinchuk or Artemenko, Yermolayev proposed Ukraine adopt a neutral status and also launch a direct dialogue between Ukraine and the separatist authorities. Under the plan, the separatist-held zone would be demilitarized and placed under the control of UN peacekeepers and armed monitors from the Organization for Security and Cooperation in Europe.

Lyashko later claimed the Kremlin was behind Artemenko’s plan. He said that Artemenko worked on the plan with Lyovochkin, Opposition Bloc faction leader Yuriy Boyko, and Ukrainian politician and close friend of Putin Viktor Medvedchuk.

Medvedchuk’s spokesperson Oleg Babanin told the Kyiv Post on Feb. 22 that the politician had had nothing to do with Artemenko’s plan. He described Lyashko’s claims as “not serious.”

Artemenko confirmed that he worked on the plan with several Ukrainian lawmakers, but said they are now afraid to admit this because of the negative public reaction to the proposed deal.

Artemenko told the Kyiv Post he was going to have a press conference in Washington early in March, at which he will reveal all the details of his plan – and compromising material about Poroshenko, which he supposedly received from Nalyvaichenko.

Meanwhile, fugitive lawmaker Oleksandr Onyshchenko told the Kyiv Post that Artemenko’s evidence of Poroshenko’s alleged corruption was similar to materials he himself had submitted to the U.S. authorities in December. Nalyvaichenko, however, denied having any links with Onyshchenko.

“But Artemenko is not the only Ukrainian politician to reach out to the White House behind President Petro Poroshenko’s back.”

Nope, Artemenko wasn’t alone in his peace plan efforts. He had competition in the secret peace plan department from Valentyn Nalyvaichenko, the former head of the Security Service of Ukraine and a political ally of Tymoshenko. Although it’s unclear how much competition he had since we don’t get to know any of the details of that alternative peace proposal. We just know that Nalyvaichenko didn’t like the proposal to have Russia lease Crimea. Other than that we have no idea how similar these plans were, but we do know that Nalyvaichenko was working with Artemenko on some level since he apparently gave Artemenko his anti-Poroshenko corruption evidence back in 2015:

…Yulia Tymoshenko, the former prime minister and leader of Batkivshchyna Party, had a brief meeting with U.S. President Donald J. Trump before the National Prayer Breakfast in Washington on Feb. 3, during which Trump reportedly promised her that he would “not abandon Ukraine.”

And Valentyn Nalyvaichenko, the former head of the Security Service of Ukraine and a political ally of Tymoshenko, says he visited the U.S. in December and January.

Nalyvaichenko told the Kyiv Post he met there with former Republican Senator Jim DeMint, a Trump advisor and president of the Heritage Foundation, a conservative think tank, and Bob Corker, a Republican senator from Tennessee and Senate Foreign Relations Committee chairman.

Nalyvaichenko said he delivered to the U.S. Department of Justice proof of “political corruption by (Ukraine’s) top officials.” He said he also delivered to Ukraine’s Prosecutor General’s Office materials about alleged money laundering and the illegal use of offshore companies by Poroshenko’s business partner and lawmaker Ihor Kononenko.

Back in 2015, Nalyvaichenko gave the compromising materials on Poroshenko to Artemenko, which he claimed to also give to the U.S. authorities.

At the same time, Nalyvaichenko called Artemenko’s idea of leasing Crimea to Russia unacceptable, and said he had brought to the U.S. his own peace plan.
…

And the peace plans weren’t limited to Nalyvaichenko and Artemenko:

…Many peacemakers

Artemenko, who stays in the Rada as an independent parliamentarian, told the Kyiv Post on Feb. 22 that he saw his plan as the only reasonable alternative to the failed Minsk peace process.

“Minsk doesn’t work – that’s obvious,” Artemenko said, adding that it was especially obvious after Russia said on Feb. 18 it recognized the “passports” issued by the Luhansk and Donetsk-based separatists who call the territories they occupy “republics.”

Artemenko is not the only one to suggest an alternative to Minsk. Since December, suggestions to abandon the failed Minsk peace deal have also been made by oligarch Victor Pinchuk, businessman and former governor of Donetsk Oblast Serhiy Taruta, Vadym Chernysh, the minister for the temporarily occupied territories, and Andriy Yermolayev, the head of Nova Ukraina think tank, which is close to Serhiy Lyovochkin, a top lawmaker from the Opposition Bloc and ex-president Viktor Yanukovych’s former chief of staff.
…

‘Peace’ was in the air in late 2016-2017. At least something was in the air.

Now ex-Radical Party member of parliament Andrey Artemenko came under criticism from all sides after the New York Times revealed on Feb. 19 that he was trying to broker his own peace plan to end Russia’s war against Ukraine.

The plan was distinctly pro-Russian, but even the Russians rejected it and his freelance, amateurish diplomacy got him kicked out of his own party, although he remains a member of parliament.

His ideas included leasing Crimea to Russia for 50 years and the lifting of economic sanctions against Russia by U.S. President Donald J. Trump.

Dmitry Peskov, Vladimir Putin’s press secretary, denied prior knowledge of the sealed plan, which includes a suggestion that Ukraine lease Crimea to Russia, which annexed the region in 2014, the Telegraph in London quoted him as saying. “There’s nothing to talk about. How can Russia rent its own region from itself?” Peskov said.

Artemenko described himself to the New York Times as a Trump-style politician.

The 48-year-old lawmaker’s biography is colorful and controversial: He has a wife who is a model, he served 2.5 years in prison without a trial, he has business in the U.S. and he is involved in the military trade to the war zones in the Middle East. At home, he has close ties with the ultra-nationalistic Right Sector.

“I demand Andrey Artemenko discard as a lawmaker. He has no rights to represent our faction and party. Our position is unchangeable – Russia is the aggressor and must get away from Ukrainian territories,” Oleh Lyashko, Radical Party leader said to the journalist in Verkhovna Rada on Feb. 20.

“Nobody in Radical Party trades Ukraine,” Lyashko said. “To lease Crimea to Russia is the same as to give your own mother for rent to the traveling circus.”

Artemenko told the New York Times that many people would criticize him as a Russian or American C.I.A. agent for his plan, but peace is what he’s after.

“But how can you find a good solution between our countries if we do not talk?” Artemenko said.

Before the New York Times story, Artemenko wasn’t famous. He may see himself as the next president of Ukraine, but others saw him as just another gray cardinal.

…

Start from Kyiv

Artemenko came into politics after business and jail. According to the biography on his official website, in the early 1990s he founded a law firm that advocated the interests of professional athletes and then he became a president of CSK Kyiv soccer club. In 1998-2000, he was the adviser of then-Kyiv Mayor Oleksandr Omelchenko, a member and one of the founders of his party Unity.

In 2002, Artemenko was arrested by the Prosecutor’s General Office of Ukraine on accusations of money laundering and kept in pre-trial detention for more than two years. However, he successfully challenged his imprisonment as illegal and groundless. He said prosecutors were persecuting him in hopes of getting Omelchenko, who was also suspected of money laundering.

In 2004, Artemenko was released from pre-trial detention center Lukyanivske on bail of Mikhail Dobkin, a Party of Regions lawmaker.

But in 2006 he became the head of the Kyiv department of Batkivshchyna Party, led by now ex-Prime Minister Yulia Tymoshenko.

In 2007-2013 Artemenko founded several companies that provided military logistics services into the conflict zones and traveled to Saudi Arabia, Syria, and Qatar for business trips.

Since 2013 he has his own charity foundation that helps internally displaced persons from the war-torn Donbas.

True patriot?

Artemenko came to the Verkhovna Rada in 2014 as a Radical Party lawmaker (16th on the party’s list). According to the parliament’s website, Artemenko is the deputy head of the European Integration Committee and responsible for diplomatic connections with Saudi Arabia, Qatar, United States, Kuwait, Lithuania and Belarus.

The lawmaker took an active part in EuroMaidan Revolution in 2013-2014 that deposed President Viktor Yanukovych.

In 2014 he joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014.

There is even a photo of Artemenko, sitting among the Right Sector Party founders at the first party meeting in March 2014.

Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party.

“I was never into all the ‘financial stuff,’ but I have no information about him giving the money. I remember all those guys like him (Artemenko) and (Borislav) Bereza just came to us after March 22. They weren’t Right Sector members during the Revolution of Dignity,” said Skoropadsky.

He said that after the end of EuroMaidan Revolution there was a “mess” in Right Sector. Dozens of people a day were coming to the activists only in Kyiv.

“The ones who could afford it gave us money, others help in different ways. But as soon as we started building the structure of the organization, the guys like Artemenko and Bereza went to the other parties, came in Rada or other government structures,” Skoropadsky recalled.

———-

“But in 2006 he became the head of the Kyiv department of Batkivshchyna Party, led by now ex-Prime Minister Yulia Tymoshenko.”

So in 2006 Artemenko becomes head of the Kiev department of Tymoshenko’s party, and then it doesn’t appear that he aligns himself with a different party until 2014, when he participates in the Maidan revolution and later helps form Right Sector/Pravy Sektor and joins the Radical Party:

…
The lawmaker took an active part in EuroMaidan Revolution in 2013-2014 that deposed President Viktor Yanukovych.
In 2014 he joined the Right Sector political party and was rumored to be one of the sponsors of its leader, Dmytro Yarosh, during his presidential election campaign in 2014.

There is even a photo of Artemenko, sitting among the Right Sector Party founders at the first party meeting in March 2014.

Right Sector spokesperson Artem Skoropadsky told the Kyiv Post on Feb. 20 that he couldn’t confirm or deny whether Artemenko financed the Right Sector Party.
…

But there was another important claim by Artemenko in the article that could also go quite a way in clearing up who may have been working with Artemenko on his ‘peace plan’. The peace plan that’s characterized as ‘pro-Kremlin’ despite the fact that it involves handing Crimea back to Ukraine and just leasing it out for 100 years and toppling Petro Poroshenko in a corruption scandal so Artemenko could take his place (it’s mostly just a pro-Artemenko plan). Artemenko asserts that he worked on this peace plan with other Ukrainian MPs who don’t want to be named. And while that leaves us speculating, he also recounts a previous attempt to negotiate with the Kremlin that should be kept in mind when assessing the likelihood that Right Sector may have been willing to engage in a back-channel negotiation with the Kremlin: According to Artemenko, Right Sector’s leadership had a meeting a few days before the Crimea referendum in 2014 with other right movement leaders and over the course of that meeting it was decided that Mykola Karpyuk would travel to Russia with the head of the Kiev Right Sector division and try to negotiate a resolution that would avoid the referendum. Karpyuk did exactly that, was arrested at the Russian-Ukrainian border, and sentenced to 22.5 years in prison for his participation in the Chechen civil war (see FTR#911 for more on the UNA-UNSO participation in the Chechen civil war).

Political renegade, Trump fan and treasurer of the “Right Sector”. What do we know about the MP Andrii Artemenko?

The MP Andrii Artemenko of the right-wing “Oleh Lyashko’s Radical Party” handed over a plan concerning Ukraine to then US National Security Advisor Michael Flynn. The plan included a proposal how to reconcile Ukraine and Russia and lift anti-Russian sanctions. In particular, it suggested to hold all-Ukrainian referendum on leasing Crimea to Russia, withdrawal of troops from Ukraine and lifting sanctions from Russia. Kremlin called the plan ‘an absurd’ and denied connections to formation of it.

A week later Flynn resigned because of his leaked conversations with Russian diplomats on lifting American sanctions. In an interview with “Strana.ua” Artemenko claimed, that he turned over material compromising Poroshenko to the American government with the help of Valentin Nalivaychenko – Head of Ukrainian Security Service.

In interview with Russian radio station “Echo of Moscow” he said: “I won’t deny, I sympathised with Trump since his confirmation. I am convinced that the American people ought to have elected someone like him. There are new international agreements in the making, new possibilities, also to end the Ukraine crisis. I can’t look at what Ukraine has become, the economic collapse we’re in. Poroshenko’s and the current government’s politics have led the country to a point, at which the loss of our autonomy and unity is a matter of days. The main goal and my duty is to establish peace. I am glad that my colleagues – the congressmen of the US, the Ukrainian MPs and hopefully the Russian MPs as well – will support my initiative. I hope we can create a platform to put an end to this ghastly conflict.”

Who is Andrii Artemenko?

Andrii Artemenko is a known renegade. He was the president of CSKA Kiev football club, later he went to prison for stealing $4 million through it. He also was Kyiv mayor advisor in 2000, before going to prison.

Artemenko was imprisoned together with Mykola Karpyuk – a frontman of far-right Ukrainian organization UNA-UNSO till March 2014. In 2000-2001 he and Artemenko were activists in protests “Ukraine without Kuchma” (ex-president of Ukraine) and were jailed for 4,5 years. During Maidan at 2013-2014 Karpyuk’s organization became a part of Right Sector – a union of far-right movements, which was set off during Maidan. In March 2014 after “referendum” in Crimea he went to Russia to negotiate with Putin’s aides about destiny of Crimea. Artemenko insisted on this. He was arrested by FSB officers on Russian-Ukrainian border and later condemned to 22.5 years in prison.

In the 2014 elections Andrii Artemenko entered parliament on the list of “Oleh Lyashko’s Radical Party”, which is more populist, than ideological. Its odious leader was a member of Yulia Tymoshenko Bloc before taking the leadership of a new political movement. His US visa was cancelled earlier. Artemenko claims that he is responsible for security in the party, as well as „some economic issues and projects involving the attraction of foreign investments to Ukraine.“ But after NYT article brought to the lights the delivery of a ‘peace plan’, MP was excluded from the party.

When the second Maidan started, Artemenko ended up – through Karpyuk, who by then was the leader of UNSO – in the “Right Sector”. According to former „Right Sector“ leader Dmytro Yarosh, he was responsible for the finances there. In March 2014, before the referendum in Crimea, Russian court opened a case on him, accusing Dmytro Yarosh of “calls for extremist activity”. Two years after Interpol deleted the information about international search of Dmytro Yarosh. Now he is non-affiliated member of parliament and an advisor to the Chief of the General Staff.

Later he started to oppose Yarosh, before leaving the “Right Sector” and becoming an MP with “Oleh Lyashko’s Radical Party”.

Referendum in Crimea

Artemenko told in Hromadske’s interview that couple days before the referendum on the status of Crimea was held on March, 2014, a meeting with Dmytro Yarosh, Mykola Karpiuk and other right movements took place. They were discussing the annexation of Crimea and a crisis plan.

During the meeting it was decided that Karpiuk with the head of Kyiv Right Sector department will go to Russia to negotiate on the top-level.

“Mykola (Karpiuk) decided to go to Russia by himself. […] Then the question of the annexation of Crimea was raised, and some propositions from a person, close to Karpiuk, appeared. He suggested they could come and negotiate. Maybe we had a chance to cancel that “referendum”,” said Mr. Yarosh.

The next day after the referendum Mykola Karpiuk and his colleague from Right Sector were arrested on the Russian-Ukrainian border. Russian court sentenced him to 22,5 years of detention for alleged participation in the Chechen war on separatists side. Amnesty International called this lawsuit “a mockery of justice”.

Meanwhile Andrii Artemenko started clamour against then leader of Right Sector Dmytro Yarosh and got into the parliament as a member of “Radical Party”.

American ties

What surprises most American analysts and journalists is, how a marginally known and even less influential Ukrainian politician had a connection to the now ex-National Security Advisor to the President of the US. Artemenko claims that he worked seven years in the US and before returning to Ukraine, owned a logistics company in Qatar and that his work was connected to supplying military bases.

In his interview with “Strana.ua”, Artemenko said that his “peace-plan” with Russia had been developed by a group of Ukrainian MPs (he wouldn’t tell names) and two key figures of this story – the personal lawyer and special advisor of Trump, Michael Cohen and the American businessman of Russian origin Felix Sater. Artemenko claims that he has known them for a long time. According to “Strana.ua”, he got acquainted with Sater through mutual friends and Cohen he knows since the time the lawyer founded a family “business on ethanol” in Ukraine.

It was Cohen who left a sealed envelope containing the Ukraine plan in Michael Flynn’s office in the beginning of February. According to Artemenko, he discussed the “peace-plan” with Cohen and Sater “at the time of the primaries, when no one believed that Trump would even be nominated.”

Trump has been acquainted with Sater for a long time. Sater had been Trump’s senior advisor for ten years. He claims that before that he actively cooperated with American intelligence agencies and allegedly helped to find Osama bin Laden.

Michael Cohen – Trump’s lawyer – is said to be the US President’s connecting link to the Kremlin. In January 2017 “BuzzFeed” published an article on Trump’s ties to the Russian government, claiming that Trump has been cooperating with it for many years through Cohen. Among other things the article says that Cohen met secretly Russian emissaries in Prague on 29 August 2016. He soon insisted on the article to be fake.

Now he is denying that he transmitted the Ukrainian MP’s “peace-plan” to the White House. But he confirmed meeting with Artemenko and receiving this plan from him.

“Artemenko was imprisoned together with Mykola Karpyuk – a frontman of far-right Ukrainian organization UNA-UNSO till March 2014. In 2000-2001 he and Artemenko were activists in protests “Ukraine without Kuchma” (ex-president of Ukraine) and were jailed for 4,5 years. During Maidan at 2013-2014 Karpyuk’s organization became a part of Right Sector – a union of far-right movements, which was set off during Maidan. In March 2014 after “referendum” in Crimea he went to Russia to negotiate with Putin’s aides about destiny of Crimea. Artemenko insisted on this. He was arrested by FSB officers on Russian-Ukrainian border and later condemned to 22.5 years in prison.”

When you’re hanging around with UNA-UNSO frontmen in 2000-2001 you just might end up in a neo-Nazi group like Right Sector 2014. It’s not so much a natural progression as a natural continuation.

And note how it’s not just Artemenko who describes this meeting and the decision to send Mykola Karpyuk to Russia. Right Sector’s neo-Nazi leader Dmytro Yarosh confirms that this meeting happened too:

…
Artemenko told in Hromadske’s interview that couple days before the referendum on the status of Crimea was held on March, 2014, a meeting with Dmytro Yarosh, Mykola Karpiuk and other right movements took place. They were discussing the annexation of Crimea and a crisis plan.

During the meeting it was decided that Karpiuk with the head of Kyiv Right Sector department will go to Russia to negotiate on the top-level.

“Mykola (Karpiuk) decided to go to Russia by himself. […] Then the question of the annexation of Crimea was raised, and some propositions from a person, close to Karpiuk, appeared. He suggested they could come and negotiate. Maybe we had a chance to cancel that “referendum”,” said Mr. Yarosh.

The next day after the referendum Mykola Karpiuk and his colleague from Right Sector were arrested on the Russian-Ukrainian border. Russian court sentenced him to 22,5 years of detention for alleged participation in the Chechen war on separatists side. Amnesty International called this lawsuit “a mockery of justice”.
…

““Mykola (Karpiuk) decided to go to Russia by himself. […] Then the question of the annexation of Crimea was raised, and some propositions from a person, close to Karpiuk, appeared. He suggested they could come and negotiate. Maybe we had a chance to cancel that “referendum”,” said Mr. Yarosh.”

So this isn’t just Andrii Artemenko telling tall tales. If it’s a tall tale, Dmytro Yarosh is in on it. And the events of 2016 only buttress the events of 2014.

And note Karpyuk’s arrest and sentencing to 22.5 years isn’t in question. His sentencing has been widely reported in Ukraine in a case that’s described as a judicial farce of made-up lies about Karpyuk fighting in Chechnya. And as the following article from May of 2016 also makes clear, any mention of a Right Sector ‘peace plan’ for Crimea being the reason for Karpyuk’s arrest is not part of the coverage (his arrest is described as “unclear circumstances” in the following piece). So there’s clearly been no desire to have this 2014 peace plan outreach attempt by Right Sector discussed in public, which is part of why the admission Artemenko and Yarosh appear to have made in the above interview is so notable. No one involved with this failed 2014 far-right outreach to the Kremlin has really wanted to talk about it, despite the jailing of Karpyuk being a case followed in the Ukrainian media:

Unian.info

Chechen court ruling: Karpiuk sentenced to 22.5 years, Klykh should serve 20 years

Judge of the Supreme Court of the Republic of Chechnya Vakhit Ismailov has ruled to sentence Ukrainian citizen Mykola Karpiuk to 22.5 years in a strict-regime penal colony, another Ukrainian citizen Stanislav Klykh has been sentenced to 20 years in prison, according to Radio Free Europe/Radio Liberty freelance journalist Anton Naumlyuk

19:42, 26 May 2016

“Both Ukrainians signed an application for submitting an appeal against the court’s decision,” he wrote on Facebook on Thursday.
As was reported, a prosecutor in Russia’s North Caucasus region of Chechnya called for two Ukrainian citizens convicted of fighting alongside Chechen separatists in the 1990s to be sentenced to 22.5 and 22 years in prison, respectively.

Karpiuk, born in 1964, the leader of the Ukrainian National Assembly-Ukrainian National Self-Defense (UNA-UNSO) and one of the founders of the Right Sector, was detained under unclear circumstances in Russia on March 21, 2014. Based only on the statements of a Crimean recidivist serving a sentence in a Russian colony, the Russian services fabricated a criminal case against Karpiuk, claiming he allegedly fought against federal troops during the First Chechen War and even killed a number of Russian soldiers. Stanislav Klykh, a historian, was detained on August 11, 2014, when he arrived to visit his girlfriend in the Russian city of Orel. The Russian authorities accused him along with Karpiuk of involvement in the murder of Russian soldiers during the First Chechen War. The two Ukrainians deny their guilt, saying that they were tortured to witness. Ukrainian President Petro Poroshenko said that Karpiuk and Klykh should be freed under the Minsk agreements.

“Karpiuk, born in 1964, the leader of the Ukrainian National Assembly-Ukrainian National Self-Defense (UNA-UNSO) and one of the founders of the Right Sector, was detained under unclear circumstances in Russia on March 21, 2014. Based only on the statements of a Crimean recidivist serving a sentence in a Russian colony, the Russian services fabricated a criminal case against Karpiuk, claiming he allegedly fought against federal troops during the First Chechen War and even killed a number of Russian soldiers. Stanislav Klykh, a historian, was detained on August 11, 2014, when he arrived to visit his girlfriend in the Russian city of Orel. The Russian authorities accused him along with Karpiuk of involvement in the murder of Russian soldiers during the First Chechen War. The two Ukrainians deny their guilt, saying that they were tortured to witness. Ukrainian President Petro Poroshenko said that Karpiuk and Klykh should be freed under the Minsk agreements.”

Karpyuk was “detained under unclear circumstances in Russia on March 21, 2014.” That’s the general level of detail you’ll find in the stories on his arrest. But it appears Artemenko and Yarosh just revealed what exactly led to that arrest in the above interview and it was some sort of proposal Right Sector was willing to offer the Kremlin. Presumably a proposal involving extending Russia’s lease on Crimea and somehow getting Right Sector vaulted into power. You know, pretty much Artemenko’s plan.